What You Need To Know And Do About The Latest Internet Explorer Security Threat

Microsoft has warned users of a security flaw in the company’s Internet Explorer browser that could allow hackers to take “complete control” of a user’s computer.


Microsoft Rescues 'Unsupported' XP Users With Emergency Fix For Critical IE Bug

Microsoft has reportedly fixed the infamous 'zero-day exploit' in Internet Explorer, even for Windows XP, which is no longer supported by the American company. The bug allowed hackers to install malware on a computer without permission, steal the user's personal data, track online behavior, or gain control of the computer, CNET reported.


Usually, Microsoft issues security patches on the second Tuesday of every month, but because of the severity of the bug, the patch was released last Thursday, the report added. Microsoft has issued a patch for Windows XP users as well, even though the company has ended support for the OS.


Microsoft has admitted to a huge vulnerability in Internet Explorer that allows hackers to set up malicious websites in order to gain complete access to visitors' PCs

The flaw could potentially allow hackers to remotely execute code, which means an intruder could install programs and mess with your data without your knowledge


According to a confirmation by Microsoft late last night, a new zero-day vulnerability has been found to affect every version of Internet Explorer. In other words—over a quarter of the entire browser market. Attacks taking advantage of the vulnerability are largely targeting IE versions 9, 10, and 11 with what is called a "use after free" attack. Essentially, the browser keeps using an object after its memory has been released, and the attack corrupts that memory, most likely after users have been lured to phony websites.


In a blog post, Microsoft explains:

The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
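
The "use after free" bug class described above, modeled safely as an added example (not code from Microsoft, FireEye or Internet Explorer). The pool, handle and function names are constructed for illustration; the pool stands in for a heap that reuses freed memory, and the generation check is one common defensive pattern.

```c
#include <stdio.h>
#include <string.h>

/* Constructed toy object pool: models freed memory being reused, without real UB. */
#define SLOTS 4
struct slot   { unsigned gen; int in_use; char tag[16]; };
struct handle { int idx; unsigned gen; };
static struct slot pool[SLOTS];

/* Allocate the first free slot, the way a heap hands back a freed chunk. */
static struct handle pool_alloc(const char *tag) {
    for (int i = 0; i < SLOTS; i++) {
        if (!pool[i].in_use) {
            pool[i].in_use = 1;
            pool[i].gen++;                    /* new lifetime for this slot */
            snprintf(pool[i].tag, sizeof pool[i].tag, "%s", tag);
            return (struct handle){ i, pool[i].gen };
        }
    }
    return (struct handle){ -1, 0 };          /* pool exhausted */
}

static void pool_free(struct handle h) {
    if (h.idx >= 0 && h.idx < SLOTS) pool[h.idx].in_use = 0;
}

/* Unchecked lookup: stands in for dereferencing a dangling pointer. */
static const char *get_unchecked(struct handle h) {
    return pool[h.idx].tag;
}

/* Checked lookup: a handle from an earlier lifetime of the slot is refused. */
static const char *get_checked(struct handle h) {
    if (h.idx < 0 || h.idx >= SLOTS) return NULL;
    if (!pool[h.idx].in_use || pool[h.idx].gen != h.gen) return NULL;
    return pool[h.idx].tag;
}

/* Returns 1 when the stale handle reads the new object's data unchecked,
   is refused by the checked lookup, and the live handle still works. */
static int demo(void) {
    struct handle page_obj = pool_alloc("page-object");
    pool_free(page_obj);                              /* object deleted ... */
    struct handle other = pool_alloc("other-data");   /* ... and its slot reused */
    int confused = strcmp(get_unchecked(page_obj), "other-data") == 0;
    int refused  = get_checked(page_obj) == NULL;
    return confused && refused && get_checked(other) != NULL;
}

int main(void) { printf("stale handle detected: %d\n", demo()); return 0; }
```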


The flaw is particularly hazardous on computers running the recently-discontinued Windows XP operating system


Microsoft ended security support for the 12-year-old software in April, warning users that the lack of updates would put computers running XP at severe risk to hackers and viruses.


What to do in order to protect yourself from the flaw?


In order to protect yourself from the flaw — dubbed "Operation Clandestine Fox" by security firm FireEye — the best thing you can do is stop using Internet Explorer until Microsoft patches it. Other browsers, such as Google Chrome and Mozilla Firefox, don't have the problem, and you can export your bookmarks and other settings to those browsers very easily.


If you don't want to stop using IE, there are ways to ensure you're not exposed while browsing the web. Ever since IE10, the browser has offered an Enhanced Protected Mode (EPM). You won't be vulnerable to the bug with EPM enabled, according to FireEye, and it's listed as one of the workarounds Microsoft recommends on its explainer page.


You can also disable Adobe Flash. Disabling IE's Flash plug-in will stop the bug cold, FireEye says — although that will also render your browser powerless to play Flash videos and games.


According to NetMarketShare.com, the vulnerable Internet Explorer versions make up more than 56% of the browser market


Those who use the estimated 300 million machines running Windows XP won’t even be getting a fix: Microsoft stopped supporting XP on April 8, meaning there won’t be software updates. (Microsoft does offer a separate “toolkit” to help shield computers from hackers and says that software can mitigate attacks in this scenario.)


Whether or not Internet Explorer was already dead depends on which data you look at. NetMarketShare says Internet Explorer dominates the browser world, reigning over 58% of the market, with Google’s Chrome and Firefox near-tied at 17%. Other estimates, though, give Internet Explorer a lot less love. The web development site W3Schools.com estimated that Chrome ran on the lion’s share of devices in March, at 58%, with Firefox trailing at 26% and Internet Explorer sitting at less than 10%.


Microsoft, in the meantime, is scrambling to fix the bug. However, the company will not issue a fix for web browsers running on Windows XP after it formally ended support for the 13-year-old OS on 8 April 2014.

While informed users should therefore be able to avoid attack until Microsoft issues a fix, Windows XP users have no light on the horizon. Microsoft has confirmed that no fix will be rolled out for Windows XP because support has officially ended and there are no plans to make an exception.


It states: “An unsupported version of Windows will no longer receive software updates from Windows Update. These include security updates that can help protect your PC from harmful viruses, spyware, and other malicious software, which can steal your personal information.”


Also, sensing the seriousness of the bug, the US and UK governments have raised an alarm: Stop using IE


While the Computer Emergency Readiness Teams in England and the US regularly issue browser advisories, this is one of the few times that the CERT team has recommended that people avoid using a specific browser.


In a rare move that highlights the severity of the security hole in one of the Web's most popular browsers, the US Computer Emergency Readiness Team and its British counterpart tell people to stop using Internet Explorer until Microsoft can fix it.

