14 DAY TRIAL // Back in January, Microsoft ended support for older versions of Internet Explorer, so right now, only IE9 (on Vista and Server 2008), IE10 and IE 11 are getting patches from the company. In other words, older versions can easily become vulnerable to attacks when new security holes are found.
And this has already happened (via CW), as this Patch Tuesday Microsoft rolled out an Internet Explorer security update to fix flaws affecting all versions of the browser. But as promised, only the latest ones are getting patched.
MS16-009 (Cumulative Security Update for Internet Explorer KB3134220) fixes critical security flaws in Internet Explorer 9 and newer, so if you’re still on an earlier version, then you’re in danger.
Double-check every link coming from unknown sources!
Microsoft explains that the remote code execution flaw can only be exploited once a user loads a compromised website in an Internet Explorer version that’s vulnerable to attacks and isn’t running the patch.
“An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” the company says.
When you install this update, it modifies the way Internet Explorer handles objects in memory and corrects how it parses HTTP responses while also double-checking to make sure that cross-domain policies are properly enforced, Redmond adds.
In case you’re wondering, Windows 10 is getting this patch too, and despite the fact that you might be using a third-party browser or even Edge, installing the update is still mandatory. Some apps might still be using Internet Explorer to access the Internet, and without the patch, this could make your computer vulnerable to attacks.