The vulnerability is present in multiple versions of IE and can be exploited to run unauthorised and malicious code on numerous versions of the Windows operating system should users inadvertently visit a compromised web site, according to the bulletin from the DoH's informatics directorate.
Such code enables attackers to download and install further malware or spyware on to affected computers, to add user accounts and to steal locally- or centrally-held potentially sensitive information. An infected machine could also be used as a zombie to stage attacks against third parties, which would be damaging to Trusts' reputations.
But targeted attacks using the flaw have so far been aimed at a number of large organisations using only the IE 6 browser running on Windows 2000 and Windows XP. As a result, the DoH is advising Trusts either to patch their systems when Microsoft makes a security update available or, if it is not possible to do so, to migrate to Internet Explorer 7.
'Internet Explorer 7 has been warranted to work correctly with SPINE applications such as CSA and provides additional security features over Internet Explorer 6,' the bulletin said. Similar recommendations have not been made for a move to the latest version of Microsoft's browser, IE 8, however.
IE6 is currently widely used within the UK public sector and the Cabinet Office has already issued an advisory notice to central government departments on how to deal with the issue. Governments in France and Germany have gone further, however, advising all citizens to move to an alternative vendor.
But Home Office minister Lord West said in a parliamentary written answer to Lord Avebury on 28 January that he believed there was no evidence that a fully-patched version of IE8 was any less secure than any other browser. He had been asked whether the UK public sector should dump IE entirely.