2014-04-28

It feels like the world just finished getting over Heartbleed, but now a new threat to world internet security has been announced. This time, Microsoft is working to patch the problem as quickly as it can.

The bug means that anyone running Internet Explorer versions 6 through 11 could have their whole computer system compromised if they visit the wrong website.

Now, just to calm the nerves, that’s not saying that you’re in immediate danger. The hack required to take advantage of this bug is pretty sophisticated. Then you, as a browser of the internet, have to actually choose to go to a malicious web page. Don’t make that choice and you’ll be fine.

The security hole was announced over the weekend by FireEye, an internet security firm.

“Threat actors are actively using this exploit in an ongoing campaign,” the company wrote in a release with their findings. “We believe this is a significant zero day as the vulnerable versions represent about a quarter of the total browser market.”

Zero day refers to the discovery of a vulnerability in a system that malicious people are already exploiting but that developers have not had an opportunity to patch.

The bug allows an attacker to build a website containing a special piece of code that will corrupt memory in your computer. The attacker's code then uses that corrupted memory to execute arbitrary code that normal security measures would prevent.

In Microsoft’s words:

“The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.”

But that’s not the bad news.

The bad news is that Microsoft just announced it is no longer supporting Windows XP. That means versions of Microsoft Internet Explorer that are running on Windows XP instead of a more modern operating system are unlikely to get the needed update to patch the vulnerability.

Security firm Symantec wrote in their notice to users that this is a first for the generation of PC owners who are using Windows XP.

“This will be the first zero-day vulnerability that will not be patched for Windows XP users, as Microsoft ended support for the operating system on April 8, 2014.”

Mashable’s research indicates that as much as 58 per cent of the world’s web browsers could be Internet Explorer.

So what can you do in the meantime? Several things, in fact.

First: Download a different web browser and use it. Who knows, you may even find you like it better than Internet Explorer. Firefox and Chrome are the two favourites among people who spend their lives online.

Second: Be smart about your browsing life. The only way you’ll find yourself on one of these malicious sites that wants to take over your computer is if you follow a link there. These links are often delivered to you via social media or email. Don’t click on anything suspicious-looking, anything that looks unsolicited or anything that even feels a little bit fishy. If you have questions, go back to the source and ask if it’s safe. Don’t trust the words of people you don’t know. Be cautious.

Otherwise, you should be fine. Happy Zero Day!

 

 
