A vulnerability in Microsoft’s popular Internet Explorer web browser can allow a “remote, unauthorized attack” on users’ computers, the company announced over the weekend via a Service Advisory. Although it is working to fix the problem, the company suggests “workarounds.”
Better Business Bureau emphasizes that these sort of exploits are the main reason to keep software up-to-date and apply operating system patches and updates when they are released.
Meanwhile, the U.S. Computer Emergency Readiness Team, a division of the Department of Homeland Security, is urging computer users to employ Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) if possible, or temporarily switch to a different browser until an official update is made available.
The “use-after-free” vulnerability can allow remote attackers to install code on a user’s computer without authorization. Versions 6 through 11 of Internet Explorer (IE) are vulnerable, and users who still have the Windows XP operating system are at greater risk because the company is no longer supporting the product.
Better Business Bureau is joining with security experts in recommending that IE users take the following steps:
- Download the EMET on your computer for additional protection (although it may not mitigate this particular vulnerability);
- Temporarily switch to a different web browser, such as Google’s Chrome or Mozilla’s Firefox
- Disable Adobe Flash, as the attack may not work without it.
Windows XP users should upgrade their operating system or disconnect the computer from the Internet, as the company no longer supports this version of Windows.