A security flaw has been discovered for the hugely popular web browser, Internet Explorer. The vulnerability affects all versions of IE, from version 6 through the most recent release, IE 11.
Though the number of reported attacks has been few so far, the sheer potential for serious breaches in security is staggering. Over 50% of the global browser market share belongs to various versions of Internet Explorer.
This means that most people who browse the internet are vulnerable to the flaw.
How it Works
The vulnerability has to do with memory usage and is exploited in conjunction with another well-known technique involving Flash. Using these vulnerabilities, an attacker is able to ignore advanced security measures already in place, like Windows data execution prevention (DEP) and address space layout randomization (ASLR).
This means that a successful attack gives the attacker access to run whatever code he chooses on the victim’s computer. Any personal information stored on the computer is at risk.
The applications for an enterprising hacker are endless. FireEye, the cybersecurity company that discovered the flaw on Saturday, reported that the vulnerability is being used to target financial and defense organizations in the US.
Protecting Yourself
So, what does this mean for you? As of right now, it is very risky to browse the web using Internet Explorer, especially if you’ll be visiting sites that you’re unfamiliar with.
Microsoft has offered several suggestions for mitigation of the vulnerability’s effects, though none are 100% safe as of right now. In the coming weeks, Microsoft will be working on a patch that corrects the issue completely.
One suggestion that will keep you safe until that patch comes out is to use a different browser. We understand that it’s simply not possible for many companies to switch browsers at the drop of a hat. For those unable to switch, read Microsoft’s Security Advisory carefully and do all you can to keep your company safe.
If you’re looking for a browser to use on your personal computer in the interim, both Google Chrome and Mozilla Firefox are not affected by the vulnerability and are great alternatives to IE.
Windows XP Users Beware
One very serious side effect of the discovery of this vulnerability is that Windows XP is now, without a doubt, the most unsafe operating system in use today. This is because, as some may already know, Microsoft is no longer providing security updates for XP.
This means that the recently discovered IE vulnerability will never, ever, be officially patched. The vulnerability will remain a viable method for attackers to target any computer using XP.
If you were looking for a compelling reason to ditch XP and grab a newer version of Windows, this is it. XP’s giant share of the global operating system market means that many people are still using the OS and will be for quite some time, despite its gigantic security flaws.
Do what you can to upgrade from XP as soon as possible. West County strongly recommends upgrading to Windows 7 or Windows 8. If your business needs IT support, feel free to contact us.