IE Threat – Take this Seriously Especially if You Are Using Windows XP.

When the U.S. Department of Homeland Security issues an alert for computer software, it’s serious. A new vulnerability in Internet Explorer allows hackers to set up malicious websites to gain complete access over a users computer using Internet Explorer version 6 to 11.  Simply put, If you’re using Internet Explorer and click on the wrong link, a hacker could hijack your computer, install viruses, steal private information, gain access to your email, and more. 

Microsoft is racing to address this threat that security experts at FireEye revealed last weekend. Cybersecurity software maker FireEye Inc. warned that a sophisticated group of hackers have been exploiting the bug in a campaign dubbed “Operation Clandestine Fox.

How it Works

Hackers set up a website that installs malware when you visit it. If you visit the website while using the Internet Explorer program, malware seeps into your computer and gives a stranger complete control, and you might not even notice. The nature of the threat, however, means users won’t instantly be compromised simply by using Internet Explorer. Users would have to click on an attacker’s website or access malicious links.  In a statement Microsoft states, “An attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker’s website.”

Further to that, if you are still using Windows XP there is no remedy. Microsoft stopped supporting Windows XP on April 8th, 2014.  Now XP users are facing the first serious security flaw that will not be fixed (patched) by Microsoft.

Get updates at Microsoft Internet Security Page.

So you could be affected by one or both issues, browsing the internet with Internet Explorer and/or having Windows XP as your operating system.

Internet Explorer

If you are using Internet Explorer as your web browser you have three options;

1. Switch to Google Chrome, Firefox (or another browser). Seriously, if you are still using IE and have not explored the extensive benefits and features of other browsers it’s time to do your research.  Each browser has unique features such as add-ons and apps that are suited to different types of use. I personally favour Google Chrome which is consistently a leader in terms of interface design, speed, and functionality.  Firefox has recently released a new version that is worth consideration. See PC Magazine article for recent  research. (Keep in mind this was released in March, before this vulnerability was discovered).

Following is a graph from StatCounter showing Browser use in Canada for 6 months – October 2013 to March 2014. It will be interesting to see what the next 3 months look like!

StatCounter-browser-CA-monthly-201310-201403

2. Microsoft will issue a patch asap. It should be available sometime during the first two weeks of May. If you have automatic updating enabled you do not need to take any action because this security update will be downloaded and installed automatically. In the meantime switch to an alternate browser or follow steps below. If you have not enabled automatic updating check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

3. In the meantime…..

Take steps that protect your PC such as enabling a firewall, applying all software updates, and installing antivirus and antispyware software.

  • Exercise caution when visiting untrusted websites. Avoid clicking suspicious links or opening email messages from unfamiliar senders, which could send you to a malicious website that delivers malware to your computer.
  • Turn on “Enhanced Protected Mode” in Internet Explorer 10 and 11. Some versions of Internet Explorer have this setting on by default. To turn on Enhanced Protected Mode: Click on “Tools” in the Internet Explorer task bar and then “Internet Options.” Click on the tab “Security,” and then check the box for Enhanced Protected Mode.
  • Download and install EMET 4.1, a Microsoft security tool, for an additional layer of protection.

As criminals become more sophisticated, it is imperative to keep current with software that has the latest security protections built in. Modern browsers and operating systems have greater security features than older systems.

You Should Know by Now – Don’t click on suspicious links. This applies to all web browsers.
Avoid odd looking URLs  and don’t open emails from anyone you don’t know or even suspicious seeming emails from someone you do know. If you accidentally open an email that contains suspect attachments or links, don’t click on any of them.

Windows XP

If you are using Windows XP it’s time to upgrade as Microsoft is no longer supporting Windows XP so there will be no patches for security threats.

Windows XP users should simply STOP using Internet Explorer because the Microsoft patch will not apply to XP. For those who absolutely must remain on Windows XP a slight extension is available using Google’s Chrome browser. Google said Chrome will continue to support Windows XP at least until early 2015. Beyond that – no option – time to update your operating system.

Share This