Views 831

Cisco's WebEx Extension Leaves Your PC Open To Attackers


Network Security is critical to the success of every business. Everyday there are new security vulnerabilities discovered all over the internet. Teams of attackers are positioned around the world dedicating their days to finding holes in software and hardware. At the same time security experts are searching for ways to patch all these holes before the attackers exploit them.

Before we go into detail about the latest threat we have been informed of, we need to urge all readers who use WebEx to upgrade to the latest version immediately! This week 's report hits close to home because attackers have found a way to reach victims through the popular online meeting software 'WebEx '. Travis Ormandy discovered a flaw in the chrome extension that basically leaves your computer wide open to attackers. People using WebEx versions older than 1.0.3 could allow attackers to attach a 'malicious string'to the end of the web address. This 'malicious string'allows the attacker to remotely activate the WebEx browser extension. Once this is activated it acts as a doorway for the attackers to send malicious attacks to your PC.

webex shot

Because of the severity of this threat we need to again make sure all users who use WebEx to upgrade to the latest version immediately within Google Chrome 'Internet Explorer and Firefox have blocked WebEx. To resolve the issue, type chrome://extentions into your address bar for Google Chrome. Scroll down and find the cisco web extension. To the right of the WebEx icon make sure it says 1.0.5 to signify you are on the latest version.

Three things can be done if you see you are running an older version. First, you can simply uninstall the older version, then go to the Chrome Web Store and get the correct version. Second, you can go to chrome://extentions and select the 'developer mode'box in the top right hand corner. This makes the 'update extension now'button available. Select this in order to get on the newest version. The third option is to just not use the extension at all. WebEx offers a downloadable temporary desktop app each individual time you want to start a WebEx session. This will be more time consuming, but more secure from extension threats like discussed in the blog.

Network security can make all the difference when it comes to the success of your business. We urge you to stay up to date with the ICS Blogs and keep everyone on your workforce up to speed with information regarding these types of threats

If you have any questions, please feel free to contact us at: (201) 720-3775

We Offer:

  • Microsoft Silver Certified Partner
  • Dynamic Support | Managed IT
  • Cloud Computing for Business
Our NJ Services AreaOur NJ Service Area
Contact Sales: 201-280-9160