14 DAY TRIAL // Microsoft recently confirmed that a security flaw in Internet Explorer would allow an attacker to break into your computer unless you're using version 10 or 11 of the browser, claiming that all OS versions on the market are affected if they're not running these two builds.
Of course, the company has already started an investigation and promised to deliver a fully-working fix in the coming weeks, most likely on May 13 when Microsoft releases the next Patch Tuesday rollout.
The United States Homeland Security department issued a warning this morning to recommend everyone to apply Microsoft's workarounds in order to stay secure, while also telling Windows XP users to switch to a different browser such as Google Chrome or Mozilla Firefox.
“US-CERT is aware of active exploitation of a use-after-free vulnerability in Microsoft Internet Explorer. This vulnerability affects IE versions 6 through 11 and could allow unauthorized remote code execution,” the notification posted this morning reads.
“US-CERT recommends that users and administrators review Microsoft Security Advisory 2963983 for mitigation actions and workarounds. Those who cannot follow Microsoft's recommendations, such as Windows XP users, may consider employing an alternate browser.”
Microsoft said in an advisory released yesterday that it's aware of a number of attacks aimed at users who are running Internet Explorer on their computers and explained that it's all possible through a website hosting malware designed to exploit the vulnerability.
As a result, the company is recommending users to avoid clicking on suspicious links coming from unknown sources and to try to upgrade to the two Internet Explorer versions that are currently protected against the flaw. Of course, Windows XP users are also advised to upgrade to Windows 7 or 8.1.
“The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website,” Microsoft said.
Windows XP will no longer receive updates as part of Patch Tuesday rollouts, so users still running this OS version should indeed consider switching to a different browser or upgrade their computers.