A security hole in Internet Explorer allows hackers to take complete control of your computer.
There is good news for affected users. All you have to do to solve your problem is what everyone else has been doing for years – not use Internet Explorer.
Fresh on the heals of Heartbleed’s debut, a security hole has been uncovered in all versions of Internet Explorer. Unlike the SSL security hole that Heartbleed slipped through, Bitdefender describes the IE attack as leveraging “a Flash exploitation technique that loads a SWF file to corrupt process memory and direct the program’s flow to a memory location where malicious code is laid out.” In layman’s terms, if you happen to visit the wrong website while using Internet Explorer, someone can take over your computer.
A security company called FireEye is credited with the bug’s discovery.
TechNet’s Security TechCenter warns that the security hole could allow hackers complete control of your computer.
If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Microsoft is deciding when to release a security patch, but that won’t matter for users of Windows XP. As of April 8, Microsoft stopped supporting XP; i.e. no security patch for IE. Users of Windows XP will have only one option to avoid hackers – stop using Internet Explorer. That, or update to a later operating system, like Windows 7. Although the Windows XP operating system is 13 years old and no longer supported by Microsoft, twenty percent of machines still use the outdated OS. That’s close to 300 million computers that are at risk with no hope of salvation.
FireEye says that the attacks, mainly directed at U.S. defense companies and financial institutions, have targeted IE 9 through 11. Windows XP runs up to Internet Explorer 8, but that doesn’t mean it’s not vunerable. The hackers’ campaign has been dubbed “Operation Clandestine Fox.”
Until Microsoft releases a patch, FireEye advises to disable the Adobe Flash plugin. This is the add-on that opens the security hole. Although Flash’s use is declining on the web, many sites still use it, and cutting it off could negatively affect your online experience. FireEye also suggests running your browser in Enhanced Protect Mode, but this option is only available for IE versions 10 and 11.
The Washington Post reports that close to ten percent of government computers still use Windows XP. This makes a warning by Carnegie Mellon’s Software Engineering Institute even more disturbing – “We are currently unaware of a practical solution to this problem.“
The easiest solution, especially for XP users, seems to be switching browsers. The security hole doesn’t exist in Chrome, FireFox, or Safari. Still, Internet Explorer accounts for over 50 percent of the browser market.
Image via Walpaperfo.