Microsoft has recently issued an advisory warning about a vulnerability in its Internet Explorer browser. The vulnerability has been discovered in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.
The Vulnerability and Hackers:
The flaw has brought Microsoft Internet Explorer under attack from hackers around the world. It is a remote code execution vulnerability.
The hacker sets a trap to trick the target into visiting a website. The website is specially designed with an ActiveX control that loads on the user's computer.
The ActiveX control loads into the memory of the user’s computer, exposing the security hole.
The hacker steals the user's rights through the ActiveX control planted on the target machine. The user rights and information are transferred to the hacker, who can use this information to take over the targeted computer.
According to statistics provided by Statcounter, roughly 40% or more of users browse with Internet Explorer rather than another browser, so the target base is big enough for the hackers. Proper precautions therefore need to be taken to defend against the Internet Explorer vulnerability.
An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker’s website, or by opening an attachment sent through email. – Microsoft
How can you protect your laptop/PC:
Microsoft is investigating this zero-day vulnerability, meaning one where the attack and the vulnerability were discovered on the same day. It will fix this vulnerability through a security patch to be released soon.
The attacker gains the same privileges as the user being attacked, so the higher the user's privilege, the more the attacker obtains. Use an account with minimal user rights to browse the internet. A hacked administrator account will give full control of your system to the hacker. You can defend your system by using some workarounds until you get security patches from Microsoft.
Who is safe from the attack and who will not be safe?
Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability. So these systems may be less prone to attacks.
Microsoft has ended support for its Windows XP operating system, so it will not get any security patches for this vulnerability.