Microsoft released a security advisory on Saturday that offers information about a recently disclosed vulnerability affecting all versions of the company's web browser Internet Explorer.
Microsoft is aware of limited attacks targeting Internet Explorer, and that a successful exploit of it allows remote code execution on the affected system.
According to the information, users need to visit a malicious website for that to happen, which usually happens when users click on links in emails, but also other websites that link to the exploit pages directly.
What's interesting in this regard is that Internet Explorer 6 to Internet Explorer 11 are affected by this, but that attacks seem to concentrate on IE9 to IE11 currently.
While that is the main target right now, the situation looks dire for Windows XP users as a patch won't be released for the operating system.
This means in effect that Internet Explorer should not be used anymore on that system.
It is possible to mitigate the attack, and you have several options to do so.
Don't use Internet Explorer until it is patched. This is the most obvious choice but it may not always be possible depending on your work environment. But if you can run other browsers on your system, use them instead for the time being. Firefox is a great choice.
Enhanced Protected Mode
If you are using Internet Explorer 10 or 11 with Enhanced Protected Mode enabled, you are safe as it breaks the exploit. To check if it is enabled on your system do the following:
Microsoft Enhanced Mitigation Experience Toolkit
Microsoft's EMET versions 4.1 and 5.0 (currently available as a Tech Preview) break the exploit as well. Note that Emet 4.1 is compatible with Windows XP Service Pack 3 while version 5.0 is not, as it supports only Windows Vista and newer.
All you have to do is install the program on your system to protect it against the vulnerability.
According to security company Fireeye, disabling Flash in Internet Explorer will prevent the exploit from functioning as well as it appears to require Flash for its proper execution.
To disable Adobe Flash in Internet Explorer, do the following (this is demoed using IE11, other versions may vary)
Alternatively, uninstall the Internet Explorer Flash plugin using the Control Panel.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.