Internet Explorer Exploit Discovered (April 2014)

ByCraig Haley

ie-warning

Update at end of article.

Microsoft has announced what they refer to as a “zero-day exploit” threat that can affect those using the Internet Explorer web browser.

Zero-day essentially means that there is no patch (fix) available or even being developed when the threat was found.

An exploit is a threat that is much more dangerous than traditional malware. Malware relies on a user falling for a trap and installing malicious software on their computer, whilst hoping the antivirus software doesn’t pick up on it. An exploit, well, exploits a vulnerability in the user software (in this case Internet Explorer) and thus does not rely on a user falling for such a trap.

In fact this exploit can take effect just by a user merely navigating to an affected webpage. Whilst malware would need a user to download harmful files (or give them permission to download), the exploit does not require this.

If a user visits an affected webpage, it can potentially give a scammer the ability to execute code onto the user’s computer. That is not good.

At the time of writing, there is no patch available, but it shouldn’t take long, so make sure you install all of those Windows Updates when prompted to in the upcoming days. Until then be especially careful on what websites you choose to visit, if you use Internet Explorer (versions 6-11).

Naked Security has outlined some steps you can take to protect yourself from the threat until then which many cautious users may want to take (you’ll need to turn on Prompts for Active Scripting, instructions provided via the link meaning when you visit a website that uses Flash then you’ll be prompted for permission to run the webpage content.)

Or of course if you don’t already, you can opt to use another Internet browser, like Firefox or Chrome.

And for those XP users? If you’ll remember correctly, XP has no security updates coming, since it’s now unsupported. Meaning this is the first major security flaw that XP will [probably] never be protected against. For those users, you’ll need to unregister a DLL file called VGX. Don’t worry, Naked Security have instructions on how to do that as well on the same webpage.

(And just a reminder for those XP users, these flaws get discovered all the time, and for every one that gets uncovered, that’s another hole in an already sinking ship called XP. So it may be time to start seriously thinking about changing that operating system! Sorry!)

Update:

Microsoft have opted to release an “out-of-cycle” patch for this vulnerability. This means that security patch has been released earlier than “Patch Tuesday” (the second Tuesday of each month when Microsoft usually release their updates) All users are recommended to install the patch update as soon as possible. Go to Control Panel and Windows Update to download and install all pending updates.

Keep up-to-date with all our latest articles. Follow us on Facebook, Instagram and Twitter.

Continued below...


Thanks for reading! But before you go… as part of our latest series of articles on how to earn a little extra cash using the Internet (without getting scammed) we have been looking into how you can earn gift vouchers (like Amazon vouchers) using reward-per-action websites such as SwagBucks. If you are interested we even have our own sign-up code to get you started. Want to learn more? We discuss it here. (Or you can just sign-up here and use code Nonsense70SB when registering.)

Become a Facebook Supporter. For 0.99p (~$1.30) a month you can become a Facebook fan, meaning you get an optional Supporter Badge when you comment on our Facebook posts, as well as discounts on our merchandise. You can subscribe here (cancel anytime.)