The U.S. Department of Homeland Security is warning computer owners to avoid using the Microsoft Internet Explorer browser due to an actively exploited vulnerability that could lead to “the complete compromise” of your computer.
The weekend, Microsoft said it was aware of “limited, targeted attacks” against its Internet Explorer 6, 7, 8, 9, 10 and 11 browsers. A successful attacker can use a vulnerability in the software to gain user-level access to your computer, allowing them to steal data and infect your computer with more malware without your knowledge. How? Your computer is infected when you view an altered web page or an HTML email message or attachment. Microsoft has not yet released a fix for the vulnerability, nor explained how the vulnerability is being targeted.
According to cybersecurity firm FireEye, hackers seem to be targeting U.S. companies in the financial and defense industries. “It's unclear what the motives of this attack group are, at this point,” explains FireEye spokesperson Vitor DeSouza. “It appears to be broad-spectrum intel gathering.”
While most of our computers are unlikely to have the “intel” this advanced group of hackers is craving, it’s only a matter of time before the use of this vulnerability spreads. That’s especially true for computers running Windows XP, which are no longer being supported by Microsoft and will not receive a security fix for this issue.
If your computer runs Windows 7 or 8, you should discontinue use of Internet Explorer immediately and until this vulnerability is patched. In the meantime, we recommend using the Google Chrome or Mozilla Firefox browsers. Firefox was just named ‘the best web browser’ by Techlicious just last week, in part for its security features. You can also disable Adobe Flash, as this threat is believed to have a Flash-based delivery component.
If your computer runs XP, you should also discontinue use of Internet Explorer immediately. We further suggest taking the time to replace your computer with a more secure device if you can – Microsoft is offering deals for XP owners, and you can get a solid new Chromebook for under $200. The Sophos Naked Security blog suggests XP owners can also protect themselves by unregistering the IE extension VGX.DLL; details on how to perform this more intricate fix are available there.
[Risk button on keyboard via Shutterstock]