Security Firm FireEye announced this weekend the discovery of a “zero day” vulnerability in most versions of Internet Explorer.
The vulnerability allows a malicious website or advertisement to use Adobe Flash with Internet Explorer to run code on users’ machines. Hackers are able to lure users to click on a link directed at an attack website, which then gives hackers control over the user’s PC, according to a Microsoft security advisory.
“An attacker who successfully exploited this vulnerability could gain the same user rights as the current user,” the Microsoft security advisory states. “Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”
This is the first major bug in Windows XP that will not be patched by Microsoft.
This is the start of the “XPocalypse.” Those still running XP are urged to stop using Internet Explorer. Installing Chrome or Firefox won’t keep users safe forever, but it will buy time.
For supported versions of Windows, Microsoft should have a patch out no later than May 12. In the meantime, you can protect yourself by:
- Using an alternate web browser like Chrome of Firefox. Internet Explorer may be needed for some internal applications that only support Internet Explorer.
- Disabling Adobe Flash in Internet Explorer.
- Installing the Enhanced Mitigation Toolkit, version 4.1, from Microsoft: https://support.microsoft.com/kb/2458544
Have a question? Contact us!