Security exploit found in Internet Explorer
Over the weekend a vulnerability was found in Internet Explorer that is serious enough that the Department of Homeland Security has advised users of Internet Explorer versions 6-11 to stop using the browser until a security patch is developed.
From the US-CERT (United States Computer Emergency Readiness Team) website:
“US-CERT is aware of active exploitation of a use-after-free vulnerability in Microsoft Internet Explorer. This vulnerability affects IE versions 6 through 11 and could allow unauthorized remote code execution.”
“US-CERT recommends that users and administrators review Microsoft Security Advisory 2963983 for mitigation actions and workarounds. Those who cannot follow Microsoft’s recommendations, such as Windows XP users, may consider employing an alternate browser.”
Internet Explorer users on Windows XP most likely will not be getting the security update.
Microsoft officially stopped supporting Windows XP earlier this month, which puts XP users at an even higher risk. If you are still using Windows XP, it is highly recommended that you upgrade your operating system to at least Windows 7. Even then, until there is a patch that fixes this security bug, you should also install a different web browser.
What to do now?
While the bug can potentially affect users of IE 6-11, the attacks are currently targeting IE 9-10, according to FireEye, the security company that discovered the flaw. Also, the exploit relies on Adobe Flash, so FireEye says disabling the Flash plugin within IE will prevent the exploit from functioning. If you need to use Internet Explorer, at least disable Flash. Security while you’re online is an extremely important thing to remember. That is another reason Google Chrome is our favorite web browser and why we recommend you download a different browser.
UPDATE 5/1/14
Microsoft has released a security update as of 5/1/14 at 10pm PST. If you have Automatic Update enabled, you do not need to take any action. Your browser will receive the update automatically. If you don’t have Automatic Update enabled, now is a good time to enable it; otherwise you should go in and manually run the update to make sure your browser is secure.
Good news for Windows XP users too. Even though support has officially ended for Windows XP, Microsoft has included it in this security update.
From the company’s TechNet blog:
“We have made the decision to issue a security update for Windows XP users. Windows XP is no longer supported by Microsoft, and we continue to encourage customers to migrate to a modern operating system, such as Windows 7 or 8.1. Additionally, customers are encouraged to upgrade to the latest version of Internet Explorer, IE 11.”