Serious vulnerability affects all versions of Internet Explorer -- XP users especially at risk
In a security alert released over the weekend, Microsoft warns of a serious vulnerability in Internet Explorer that could allow hackers to remotely take over a computer.
The vulnerability makes it possible to execute code remotely and affects Internet Explorer 6 through 11, which is around a quarter of the web browser market. XP users, who no longer receive security updates from Microsoft, are going to be the most at risk from this flaw. If you know someone still on the aging OS, now is the time to give them another nudge to switch to a newer, and safer, choice.
In Security Advisory 2963983 Microsoft explains:
The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
Microsoft further explains that an "attacker who successfully exploited this vulnerability could gain the same user rights as the current user" and if that user is logged on with administrative rights, the attacker could take complete control of an affected system and "install programs; view, change, or delete data; or create new accounts".
Microsoft says it is investigating the issue, and will no doubt issue a patch shortly for users of its newer operating systems. In the meantime it suggests a number of workarounds including enabling Enhanced Protection Mode in Windows 7 (x64) and Windows 8.x, setting Internet and Local intranet security zone settings to "High", and deploying EMET (Enhanced Mitigation Experience Toolkit).
Naturally, using a different browser can help too.