Well, for anyone who has not yet made sure their machine has run Windows Update, this has proven to be a very serious vulnerability that allows for the silent remote control of your PC and the installation of malware onto it. It is limited to people using Internet Explorer versions 6 to 11, so if you end up browsing a malicious website that has been set up to take advantage of this bug, you could be in trouble. Anyone who is using Internet Explorer in Windows XP up to and including Windows 8.1 will need to take notice of this issue and make sure all updates are applied. Looking at the current statistics, the Internet Explorer browser seems to account for roughly 58% of the world’s desktop browsers, meaning millions of people could potentially be vulnerable and affected.
So if you use Internet Explorer as your main web browser, have not patched it yet, and end up visiting a malicious website, this bug leaves you vulnerable to what they call a “drive-by install”. That means malicious software (in the form of malware) can be installed onto your PC without your knowledge – and what is so dangerous about this bug is that you don’t even have to click on anything on the website. All you need to do is visit the site.
Once the software is installed, the people behind the website can silently take control of your computer. This would mostly mean malware getting installed, where the worst-case scenario would be that all of your keystrokes are recorded and everything you do on your computer is monitored without your knowledge. Essentially, this would leave you wide open to malicious people getting access to all of your information, including usernames, passwords, and really any personal data you access on your computer.
Typically, you’d be directed to the website by a link in an email or instant message. The email may look like it is from someone you know, and the website itself may even look like a website you normally visit. For instance, there have been reports of people getting an email that looks like it is from Facebook, stating that they have a Facebook friend request. When they click on the link in that email, they find themselves on a website that resembles Facebook, but in the background the website is really exploiting the security bug in Internet Explorer. Before the user gets a chance to figure out that something is wrong (remember, you don’t even have to click on anything; all you need to do is visit the webpage), the site has installed malicious software on their PC, silently watching and monitoring every keystroke and mouse click from then on.
Fortunately, Microsoft released a patch for all Internet Explorer browsers on May 1. Interestingly, they also included a patch for Internet Explorer running in Windows XP. If you remember, back in early April Microsoft officially ended support for Windows XP, stating that there would be no more official updates or patches and urging anyone using XP to upgrade. So their move to patch this vulnerability in XP shows how many people still use XP and still use Internet Explorer. For anyone running Windows, if you have automatic updates turned on, the patch should install automatically. Otherwise, you will want to open Windows Update and manually start an update check.
To further protect yourself against any future threats, make sure you have auto-updates turned on. Keep in mind that security updates are often not applied immediately after a vulnerability or bug is detected; sometimes it can take many days before the fix is pushed out to everyone.
Also, I would highly recommend considering another web browser, such as Mozilla Firefox or Google Chrome. Both of these alternative browsers have fast update periods and sometimes better security. Chrome in particular is my browser of choice, with its built-in malware protection. It also has safe browsing technology enabled by default and will show you a warning message before you visit a site that is suspicious. Chrome also automatically updates itself along with any of the plugins it is using, so you always have the latest and most up-to-date version.
Chrome can be downloaded and installed for free at: http://www.google.com/chome
Firefox can be downloaded and installed for free at: http://www.mozilla.org
If you don’t want to stop using IE, and you can’t tell whether you have the patch installed, there is still a way to ensure you’re not exposed while browsing the web. Ever since IE10, the browser has offered an Enhanced Protected Mode (EPM), and in that mode you won’t be vulnerable to this particular security bug. To enable it, go into your Internet Options, and under Security you will see an option to Enable Protected Mode. By checking it and enabling it, you won’t be vulnerable to this particular bug.
Another alternative is to disable Adobe Flash. Disabling IE’s Flash plug-in will stop the vulnerability, although that will also render your browser powerless to play Flash videos and games.
Finally, you can make use of a free software utility offered by Microsoft called the “Enhanced Mitigation Experience Toolkit”. When installed, this utility helps find and prevent security vulnerabilities within software running on your PC.
You can find it at: http://bit.ly/emet2014
Also, you really want to exercise caution when visiting websites (since malicious sites can disguise themselves as common ones) and avoid clicking suspicious links in email messages, even from people or companies you are familiar with. If you do get an email from Facebook or Twitter, go to your web browser’s bookmarks or favourites instead as a way of logging into your online accounts.