Zero-Day Exploit Surfaces Affecting All IE Users

Microsoft sign

Microsoft’s web browser, Internet Explorer, is among the most used browsers worldwide. It’s also trusted by a number of companies as their standard web browser. That’s why when exploits surface that allow attackers to victimize IE users, it’s big news. At PC Mag, Chloe Albanesius reports on the latest threat to IE, which is a zero-day exploit that allows for remote code execution.

The flaw in Internet Explorer allows attackers to remotely execute code when a user visits a malicious website specifically designed for this purpose. This typically happens when a user clicks on a link sent to them through a spam email or instant messenger. Potentially, an attacker could gain the same rights as the current user, which could lead to them being credentialed as an administrator on your own machine.

This potential exploit is said to exist in versions 6 though 11 of IE, which should account for at least 99-percent of active IE programs, if not all of them. So far, however, attackers are reportedly only targeting IE 9, 10 and 11, which would represent the bulk of IE users. Overall, this vulnerability affects about a quarter of all web browsers in use.

For IE 10 and 11 users, ‘Enhanced Protected Mode’, which runs by default unless changed by the user, helps to protect against this exploit. It should not be considered a fix, however. The only way to fully protect IE browsers would be to install a patch released by Microsoft. So far, no patch has been released.

In the meantime, users can use additional caution and avoid clicking any links or visiting any untrusted websites. Or, if possible, a different browser can be used until the IE security issues are fixed.

This is also a noteworthy exploit because it’s the first vulnerability that will not be patched for Windows XP users since Microsoft recently ended support for that operating system. Those users would be wise to use a different web browser for now and update to a different operating system as soon as possible.

If your computer falls victim to an attack, or you’d like to explore additional security options, call Geek Rescue at 918-369-4335.

April 28th, 2014