New Vulnerability Affects All Versions Of Internet Explorer
A newly discovered vulnerability in Internet Explorer is creating a potential field day for hackers:
Hackers are already at work exploiting a newly discovered flaw in Microsoft’s Internet Explorer that has left more than half of the world’s Web browsers vulnerable to attack, including those on many federal government computers.
Microsoft said it was aware of “limited target attacks” in a security advisory posted Saturday. The flaw affects Internet Explorer versions 6 through 11. However, hackers are mostly targeting versions 9 through 11, according to the security firm FireEye, which discovered the flaw.
The most vulnerable versions represent 26 percent of the total browser market, according to FireEye, which has termed the repeated assaults “Operation Clandestine Fox.” But that number jumps to about 56 percent when you include IE versions 6 through 8.
This is what is known as a “zero-day” threat because there was zero time between the discovery of the vulnerability and the first attack by someone exploiting it.
Not every vulnerable Web browser has been compromised. To exploit the vulnerability, hackers have to trick users into taking some sort of action such as clicking on a link or opening an e-mail attachment.
The flaw relies on a well-known Flash exploitation technique to bypass Windows security protection. Once the bad guys are in, they can install malicious software without users knowing.
Microsoft says once it finishes investigating the issue it will issue a fix for the problem, either in a monthly security update or a special security update.
Until the patch is released, using a different browser such as Chrome, Safari or Firefox is a good idea.
Brian Resnick notes that this presents a particular problem for the United States Government:
Over the weekend, Microsoft announced a huge security flaw in its Internet Explorer Web browser (in versions IE6 through IE11). “An attacker who successfully exploited this vulnerability could gain the same user rights as the current user,” Microsoft wrote in its advisory.
In response, the Homeland Security Department issued its own memo, advising computer users within the federal government to “consider employing an alternative Web browser,” seeing that the vulnerability “could lead to the complete compromise of an affected system,” which is not desirable.
A vulnerability like this is especially bad for the U.S. government, which tends to cling to older technology. That’s not to say that Internet Explorer is an “old” technology; it’s updated regularly. But it is losing market share, as National Journal’s Stephanie Stamm demonstrated in the graphic posted below. The browser also causes headaches for developers, because it renders Web pages differently than other browsers do. It also has a history of security glitches. Generally speaking, it’s thought to be the Hotmail of Web browsers.
Why anyone is still using Internet Explorer is one of those things that I’ve never been able to figure out. Nonetheless, if you are one of those people, consider this a good opportunity to jump ship to Chrome, Firefox, or Safari.