A new flaw in Internet Explorer

IfIE Internet Explorer (IE) is your default browser you need to be aware of a new zero-day vulnerability.  A zero-day vulnerability can be thought of as a security hole in software where a fix is not yet available.  On Saturday Microsoft released a security advisory for a threat against IE affecting versions 6 through 11.  The flaw could allow attackers to gain access to a user’s computer under the same rights as the user.  For example, if the user has administrative rights and the computer is compromised the attacker would also have those elevated rights.  

What is the risk?

The attackers create a malicious website which exploits the vulnerability.  They then need to lure the user to the website.  This can be done using phishing techniques or even embedding malicious links within advertisement windows found on many websites.  The user takes the bait and clicks on the link using IE.  The attacker can now gain access.

Actions you can take

Until a fix has been released minimize your use of IE.  Use an alternate browser especially when surfing the web.  It is also a good idea to change your default browser to something other than IE.  If IE is your default browser and you click on a link by mistake that points to a malicious website which exploits this flaw you will be at greater risk for your system to be compromised.  You may have IE as your default browser because you use specific applications that work best using IE. You can continue using these applications as long as you trust them.   Consider making these applications part of your favorites bar in IE.  All you would need to do is open IE and click on one of your favorites.

You can read the full Microsoft advisory here.

Christina Bonds

Christina Bonds

Christina Bonds is an Application Developer in the Web Technology department at Elon University.

More Posts

This entry was posted in Technology@Elon, Security and Safe Computing. Bookmark the permalink. Follow any comments here with the RSS feed for this post. Both comments and trackbacks are currently closed.