DoH urges NHS staff to stop using IE6

Department of Health directive warns of the potential for 'reputational damage' if employees continue using Microsoft's ageing browser.

Doctor at computer

The Department of Health (DoH) has urged all NHS staff still using Internet Explorer 6 (IE6) to upgrade to version 7 of the browser as soon as possible.

Earlier this month, Microsoft issued details of a security vulnerability identified in IE6 that allows remote execution of malicious code via an invalid pointer reference.

This was reportedly the route identified as having been used by Chinese hackers to infiltrate the systems of Google and several other large companies in December a move that saw Google threaten to pull out of China altogether.

Microsoft has since issued an out-of-band security patch for IE6 to address the issue, while the Cabinet Office has issued an advisory to Government departments on update from the browser.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

And now, in a four-page bulletin (PDF) issued by the department's informatics directorate, the DoH's staff have been urged to take action to ward off potential "reputational damage".

Staff are warned that the vulnerability could allow cyber criminals "to download and install further malware/spyware on to the computer, add user accounts to the computer [and] steal sensitive data held locally and centrally".

The warning continues: "It is also possible that exploiting this vulnerability could allow for the compromised computer to be used as a staging point' for further attacks against other computer systems including those outside of the organisation.

"If an organisation has systems compromised via this vulnerability, there may be consequential reputational damage, especially if sensitive data is affected or the compromised system is used to attack other systems."

Employees and departments have been urged to act quickly, at the very least to apply Microsoft's newly issued patch, but also to look at upgrading the browser itself.

"It is recommended that this update is applied to all affected computers within an organisation. Organisations should ensure that appropriate levels of testing of the update take place prior to mass deployment," the guidance adds.

Advertisement - Article continues below

"It is additionally further recommended that organisations still using Internet Explorer 6 on the affected platforms upgrade to Internet Explorer 7. [It] has been warranted to work correctly with Spine applications such as CSA and provides additional security features over Internet Explorer 6."

Despite Microsoft's own recommendation that users upgrade to IE8, the NHS instead advises only the step up to IE7 recognition of the reality of just how out of date many public systems are.

The Guardian reports that three quarter of a million NHS workstations use the combination of Windows XP and IE6, and to this day all new web applications must be compatible with the combination.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/technology/33077/health-secretary-bans-pagers-from-nhs-hospitals
Technology

Health Secretary bans pagers from NHS hospitals

25 Feb 2019
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/security/cyber-security/354468/if-not-passwords-then-what
cyber security

If not passwords then what?

8 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Visit/policy-legislation/31772/gdpr-and-brexit-how-will-one-affect-the-other
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020