You may have heard in the last day or so about a critical flaw found in Internet Explorer. Microsoft says that “the vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.” The risk is mitigated if you run an account with fewer privileges or if you run IE in the High security mode. As always, you should ensure your machine is up to date with all of the latest patches at Microsoft Update (you can also find downloads at the Microsoft Download Center).
Unlike most zero-day exploits, this one is actually infecting systems fairly quickly. That’s probably why Microsoft decided to take immediate action. As the Zero Day blog points out:
“Researching, fixing, testing, and releasing a security patch within an eight day window is an incredible feat — especially given the need to support all versions of IE across all platforms and languages. This is an ‘all hands on deck’ response from Microsoft – I don’t think we’ll see this as the norm for less critical patches in the future as it is quite disruptive to their own processes.”
Make sure you update soon! Like right now!
When a vulnerability like this is disclosed, a common suggestion is to install and use a different browser, such as Firefox. That’s not a bad idea, but don’t think that will solve all of your problems! All browsers have security issues. Yesterday, for instance, Opera released an update to address at least seven security vulnerabilities. And today, Firefox released updates to both versions 2 and 3 to patch roughly a dozen security holes. And no, Chrome and Safari are not off the hook – just two days ago, they tied for last place in a test of password security.
Always make sure you’re running the latest version with all patches installed, no matter which browser you’re using. On top of that, be careful, pay attention, and use common sense when clicking links and opening files.