Security Checklist: Preparing for a Cyber Attack Microsoft IE is under a storm warning. The Internet Storm Center (ISC) raised its threat level to Yellow, indicating a significant new threat involving a vulnerability to all versions of Internet Explorer. ISC stated that it was seeing increased exploits in the wild based on Microsoft Security Advisory […]
Security Checklist: Preparing for a Cyber Attack
Microsoft IE is under a storm warning.
The Internet Storm Center (ISC) raised its threat level to Yellow, indicating a significant new threat involving a vulnerability to all versions of Internet Explorer. ISC stated that it was seeing increased exploits in the wild based on Microsoft Security Advisory 2887505, so felt it necessary to raise the threat level. According to Computerworld:
Microsoft’s advisory, published Sept. 17, acknowledged that hackers were exploiting Internet Explorer 8 (IE8) and IE9, but added that the vulnerability — which remains unpatched — affected all versions of the browser, from the 12-year-old IE6 to the not-yet-released IE11. Microsoft has not said when it will patch the bug, but it has offered protective steps customers can take in the meantime.
CIO Today explained what the bump in the threat level means:
Threat level “Yellow” at the ISC is two levels below ISC’s Red, the organization’s highest threat level. Yellow means the impact of the threat is either unknown or expected to be minor to the infrastructure Relevant Products/Services. However, local impact could be significant, and users are advised to take actions. Orange signifies a major disruption in connectivity is in progress or imminent. Red means loss of connectivity across a large part of the Internet.
The discovery of the exploit was first reported by FireEye, and labeled Operation DeputyDog. Right now, it is primarily targeting organizations in Japan, but the security experts believe this is just the tip of the iceberg, and that widespread attacks are possible.
Do we need to be concerned? Probably, as we should always be concerned about any vulnerability or zero-day attack possibility. Anyone using IE should apply the Microsoft fix, and if an out-of-band patch is released (a possibility but not a given; Microsoft’s next Patch Tuesday is October 8), apply that immediately, especially if you are using XP or Windows 7 as your operating system. As CIO Today explained:
“The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer,” said Microsoft. “An attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the Web site.”
Sue Poremba is freelance writer based on Central PA. She's been writing about cybersecurity and technology trends since 2008.
The go-to resource for IT professionals from all corners of the tech world looking for cutting edge technology solutions that solve their unique business challenges. We aim to help these professionals grow their knowledge base and authority in their field with the top news and trends in the technology space.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
