IE-zero-dayThe zero-day threat that Microsoft issued a warning for, regarding a flaw in Internet Explorer this weekend, affects all versions of the software beginning with IE 6. A zero-day attack is a threat that exploits a previously unknown vulnerability in software. This means the issue has existed for quite a while and has already been exploited in the wild. The vulnerability relies on Adobe Flash to allow remote code execution by websites that exploit this bug. In order for attackers to exploit this bug a user would have to be convinced to visit a website that contains code to take advantage of the flaw. Sites which allow users to add content are vulnerable as well as sites that would exploit the bug directly.

For Cobalt’s clients who are using MS Dynamics CRM 4 and CRM 2011 pre Update Rollup 12 (Cobalt version 2.4.1 and below) you can continue to use Internet Explorer to access CRM without any need for concern. Dynamics CRM does not make use of Adobe Flash and is safe from the injection of code that would take advantage of this flaw. However, it is recommended that for normal website browsing outside of CRM that users utilize another web browser until a fix is available. Chrome and Firefox are 2 popular alternatives. For Cobalt’s clients who are using CRM 2011 post Rollup 12 and CRM 2013 (Cobalt version 2.4.2 and above) all major browsers are supported including Internet Explorer, Chrome, Firefox and Safari.

5/2/2014 Update: An update has been released which fixes the vulnerability, including Windows XP https://twitter.com/IE/status/461923004302516224

Learn More About Cobalt