We’re only getting over the Heartbleed crisis and already there is a new security flaw to worry about. This time, it’s Microsoft’s Internet Explorer browser in the frame and it’s even moved the US department of homeland security and the UK national computer emergency response team to advise users to look at ditching IE, even temporarily, for an alternative browser.
What is it?
Microsoft has discovered a flaw in its Internet Explorer browser that could allow malicious users to take over a person's computer. All they need to do is persuade a user to click on a link that sends them to a malicious website that exploits the flaw.
“An attacker who successfully exploited this vulnerability could gain the same user rights as the current user,” Microsoft said on its website.
You may scoff and say you’d never do that, but what if the link looked genuine? Plenty of people are fooled every day into visiting malicious websites through such tactics, and hackers are getting cleverer at covering the usual warning signs.
How many people have been affected by it?
It's difficult to say. The flaw itself can be found in IE6 all the way to 11 – the latest version – which means there are a lot of users out there who could be vulnerable. According to NetMarket Share, more than half of the world's PCs run Internet Explorer in some form. As of March, about 4 per cent of desktop PCs were running IE6, with 21 per cent IE8, almost 9 per cent IE9 and 7 per cent IE10.
Microsoft said it has already seen some targeted attacks, although it described them as “limited”.
The vulnerability comes only a matter of weeks after Microsoft ended its extended support for Windows XP, which means that some users of that operating system – which contained Internet Explorer 6 – would be vulnerable. It also affects Windows RT 8.1, which is the latest version of the operating system available. So everyone needs to be aware.
Should I be worried?
If you are the type of person to trust nothing online, probably not. But the rest of us should probably take a second look at our security setup – installing antivirus and other protections, for example – and how we behave online.
It’s got the security companies concerned enough to tell people not to use IE until the flaw has been fixed, ditto for the US government. If you’ve already switched browser, you’re probably safe – unless IE is still listed as your default browser in the system.
What do I need to do?
Until the flaw is patched, perhaps consider an alternative browser, such as Firefox or Google Chrome. The security update will be issued by Microsoft. If you are on XP, it's probably time to look at changing browser permanently. As mentioned, Microsoft is no longer actively supporting XP, which means no more patches. Chrome and Firefox are still being updated by Google and Mozilla – for the short term at least.
As an additional precaution, you should make sure your antivirus and other security software is up to date.
When will the patch be issued?
Microsoft is working on it. It said it would "take the appropriate action" to protect customers once it has finished looking into it. That may mean it comes through the regular security update process, which happens once a month, or what is described as an "out-of-cycle" security update, depending on customer needs.