Microsoft released a security alert on Saturday, where the software giant reported that its Internet Explorer browser has serious vulnerability for malicious attack from hackers.
According to FireEye security researchers, the vulnerability exists from Internet Explorer 6 through latest IE 11, but the attackers are targeting IE9 through IE 11. This zero-day vulnerability allows hackers to gain access to your computer remotely, if you visit one of their malicious websites.
FireEye also mentioned that the firm has already found evidence of attacks using Flash player exploitation technique to remotely take over users computer.
Microsoft also takes this threat seriously and released the security alert, as it usually release whenever they found the vulnerabilities in their software. The company showed some workarounds such as deploying and configuring EMET 4.1 (Enhanced Mitigation Experience Toolkit) as well as recommended to set the Internet and local intranet security zone settings to “High”.
Some other basic workarounds also explained step by step in the release note. Read it here.
Microsoft promised to release the security update to all its browsers soon. But the sad part is, Microsoft will not release the security updates for the browsers running on Windows XP. If you use a PC running on Windows XP for your browsing activities, you have the only way out of this vulnerability – ditch it! We mean to say, ditch the operating system and go for at least Windows 7.
If you are using the latest IE 11 on your 64-bit Windows 7 or any Windows 8 systems, it’s better to enable the “Enhanced Protection Mode” and enable the 64-bit processes for the same. You will find it here: Tools > Internet Options >Advanced tab > scroll down to security section of the settings and mark the appropriate checkboxes.
Finding the hacker group behind the exploit, that participated in several browser-based attacks in the past, FireEye said:
The APT group responsible for this exploit has been the first group to have access to a select number of browser-based 0-day exploits (e.g. IE, Firefox, and Flash) in the past. They are extremely proficient at lateral movement and are difficult to track, as they typically do not reuse command and control infrastructure.
Be safe by following these temporary workarounds, until Microsoft release a patch. Stay tuned for more updates on this story.