How to Guard Against Internet Explorer and Edge Vulnerabilities
Earlier this month, Microsoft issued 14 security bulletins, one of which corrected a zero-day vulnerability in Internet Explorer (IE) and Edge browsers that attackers have been leveraging for more than two years. The flaw, CVE-2016-3351, makes IE and Edge users vulnerable to exploitation from malvertising groups. The AdGholas malvertising campaign went undetected by many security researchers since 2015 and served malvertising to as many as five million users a day.
In light of this vulnerability, your organization could face potential consequences due to authentication attempts from outdated IE or Edge browsers – but you can mitigate this risk by implementing the right security policy. You can require users in your network to either use non-IE and Edge browsers, or update their vulnerable browsers within a specific timeframe. With Duo’s new policy features, you can immediately block users and/or require that they update in accordance with your corporate security requirements:
When a user is blocked, they see in the authentication prompt that they are not permitted to access to the corporate network while on Internet Explorer or Edge browsers due to security concerns:
Then, the user can click on “see what is allowed” to view all acceptable browser versions and self-remediate by updating their browser. With the updated browser, they are granted access into corporate systems.
In addition, you can set a policy requiring your users to update their vulnerable browsers within a prescribed time. As that deadline approaches, the user will receive the following notification from the Duo authentication prompt:
In both scenarios, users are provided links and directions to remediate the problem, allowing a seamless solution for both your organization and the end user. Keeping your organization secure is critical, especially given the historic nature of how long these browsers have been exploited. You can set and enforce these policies all through the ease of Duo Access. Haven’t tried it out yet? Get your 30-day free trial and start protecting your organization today.