Consumer alert: Microsoft announces Internet Explorer security flaw

UPDATED May 1, 2014. See below.

alertYesterday Microsoft announced a security flaw in its Internet Explorer browser—one that could be particularly troublesome for those consumers running the no-longer-supported Windows XP operating system.

The tech website The Verge summarizes the problem well: “…a vulnerability in all versions of Internet Explorer (6 through 11) could let hackers gain full user permissions over your computer, allowing them to install programs, view and delete data, and much more simply by visiting a website.”

This security flaw is, unfortunately, not a theoretical one. Microsoft reports it “is aware of limited, targeted attacks” that attempt to exploit the vulnerability. And, because Windows XP is no longer supported, you won’t see a security patch for that system.

What should you do?

1. Use a different browser such as Firefox or Chrome.

2. Disable Adobe Flash. This will, according to one article, “stop the bug cold.” (To do this, go the Internet Explorer Tools menu. Then select Internet Options, then the Programs tab. You should be able to Manage Your Add-ons and change the setting to Disable any Flash/Shockwave page elements.)

3. If for some reason you HAVE to use Internet Explorer, you can try your hand at using Microsoft’s workarounds. One is, if you’re using IE 10 or later, enabling the Enhanced Protection Mode (if you’re in Windows XP, however, you can only use IE 8 and this won’t help you). If you’re feeling really fancy, you an also try to install some software called the Enhanced Mitigation Experience Toolkit (directions are included in the list of workarounds).

UPDATE:

Microsoft has released a security patch for Internet Explorer. Here are the details. To be sure you have the patch, make sure you have enabled Automatic Updates. If you haven’t, now is the time to change that setting! There are instructions from Microsoft on how to do that, if you don’t know how.

SaveSave

About TDS Security Team

The latest news and advice from the TDS Security Team.
No comments yet.

Leave a Comment