Now that the frenzy has subsided from the brouhaha caused by the Microsoft Internet Explorer security flaw—making waves around the world which rippled pretty forcefully into the multifamily industry—I thought I’d come back and do a postmortem on the problems, fixes, and outstanding issues that this IE vulnerability brought to the surface.
At the end of April the internet security firm FireEye discovered a flaw that affected all major versions of Internet Explorer released over that past decade. The flaw, now known as the zero-day exploit, allowed attackers to install malware through Flash that could be used to steal personal data, track behavior, and even gain access to your computer.
The overarching recommendation when this flaw was announced was that users discontinue the use of IE until a fix was available. But the problem that many in the multifamily industry faced was that their property management software required the use of Internet Explorer, and in many cases a very dated version of the browser. The only solution for these users was to disable IE’s flash plugin on every computer and hope that malware hadn’t already been installed. It was a time of worry and uncertainty for many multifamily professionals.
Around the first week in May, Microsoft released a broad swath of patches to Internet Explorer, and even made a rare exception to patch Window XP, which had been discontinued support for quite some time. The fix was a welcome relief for many users. For those who had their automatic updates turned on, the fix was installed and they went back to their daily routines. But for many users with their automatic updates turned off or with access restrictions that require a network administrator to install, they’re still susceptible to the flaw until they manually update their browser.
The zero-day exploit may be patched, but it opened our eyes to many other IE vulnerabilities out there. Pwn2Own, a competition held last March to see if potential IE exploits existed, found three new IE exploits that have yet to be addressed by Microsoft. There is also another apparent issue with IE that Microsoft plans to release a patch for sometime today. It’s unclear whether or not this flaw was connected to the zero-day exploit or if this is something completely unrelated, but the underlying issue here is that Internet Explorer continues to be the most exploited browser on the net.
Internet Explorer issues are out there, and they aren’t going away. Multifamily professionals deserve better than web-surfing circa 2002. They deserve to access their technology platform from the browser and device of their choosing. It’s time to break free from the prison of bad property management software.