How many are you still using Internet Explorer as the default browser? For Windows users, it must always be a struggle in using Internet explorer securely. The most recent issue about Internet explorer is addressed by Microsoft. This Monday Microsoft gave warning to the Internet Explorer users of two major flaws which affect version 9 to 11 of Internet Explorer. One of the flaws is known to be zero-day and it is facing a real attack being exploited by the hijackers. This means that Internet Explorer now is having a critical vulnerability that allows malicious actors to hijack the users running the program, especially the outdated one. When you hear this, if you are using Internet Explorer, you probably should stop right now.
What is zero-day vulnerability?
In cybersecurity, vulnerabilities mean unintentional flaws in a software program or an operating system. These flaws could be a result of errors in programming or configuring security. If nothing has been done to fix them, these vulnerabilities can allow cyber hijackers to exploit the program.
what is zero-day vulnerability? Zero-day means that the vulnerability in the software has just been found or it means that the software developer has just known the existence of the flaw. This causes the patch to fix the vulnerability that has not been made or released yet. To simplify, zero-day means that the developers have zero days in fixing the issue and the problem has a probability to be exploited by malicious actors. Now, what about the zero-day attack? This may happen if the software developer has not fixed the flaw or make the patch but hackers have abled to exploit the vulnerability.
The security risks of software vulnerabilities
This is how it works, hackers will create code with the target is a security flaw and they will make a malware named zero-day exploit. The malware will use the vulnerability and disturb the system resulting in unintentional behavior. When the system in your computer is affected by malware, it will steal your data and take control of your computer.
In their Warning, Microsoft explained that the vulnerability is corrupting memory to some extent that enable a hacker to perform arbitrary code in the context of the computer user. This means that if a hacker can exploit the existing vulnerability, the actor is possessing the same rights as the current computer user.
Microsoft then explains further that if the current system user is logged on as an administrative user, then the hacker who succeeds in exploiting the vulnerability will be able to take control of the systems that are affected by the malware. This will result in the ability of the attacker to install programs, view or change or even delete data, and create a new account with user rights.
It is stated in Microsoft’s warning that in the web-based attack, a hacker can host a website that has been specially crafted to exploit the vulnerability through Internet Explorer. The malware will try to persuade users to view the web. This can also be done by sending an email to the users.
Stop using Internet explorer
Discontinuity of Internet Explorer as a web browser is not only this time being stated by people from Microsoft. Early this year, in February, a cybersecurity expert from Microsoft wrote a post on the official Windows IT pro Blog that it is now time to stop the use of this old web browser. This product itself was discontinued in 2015. He stated that Internet Explorer is a compatibility solution, better not using it as a default browser. In his opinion, the use of Internet Explorer only when necessary such for searching certain enterprise solutions but he wants us as web users to not using it to avoid missing out on the larger portion of the web.
Next in April this year the warning came from one of the security researchers from Microsoft, who warned us that it is not enough to stop using it, you should also delete it from your computer. You do not have to use it, even simply by having it on your computer opens the possibility of having your data stolen by hackers.
The most recent warning reminds us that there is no need to keep Internet Explorer with you as all you have to do is open a crafted website containing, malware and it is over for you and your computer. Thanks to Clément Lecigne from Google’s Threat Analysis Group for the achievement in finding the vulnerability. The fix for the vulnerability is available, but it is manually done, so it is time now to move on and use Firefox as your browser instead.