MS Warns: Internet Explorer Vulnerable; Offers Tips to Stay Safe

Microsoft announced yesterday that it was working on a special emergency patch to prevent the spread of an Internet Explorer zero-day flaw in its Internet Explorer browser that allowed hackers to breach the defenses of Google, Adobe, and about 32 other companies. The attack is said to be "the most sophisticated cyber attack... seen in years," according to tech security firm McAfee.

Now, Microsoft is offering recommendations for home and business users trying to keep themselves protected until the Internet Explorer patch is widely available.

Older Versions of IE, Windows Most Vulnerable

In case you missed the story, the attack -- code-named "Aurora" by those involved -- targeted Internet Explorer 6 and older versions of Windows. Microsoft has used the news of the attack to push users to upgrade to more recent versions of the browser and new operating system Windows 7.

However, recognizing that these solutions aren't for everyone, the company (along with several security firms) have also outlined a number of steps users can take to keep themselves safe until a patch is available. (Source: darkreading.com)

Update, Upgrade, Keep Security Settings High

• Upgrade to Internet Explorer 8. Although not everyone is convinced new versions of the browser are 100 per cent safe, Microsoft believes otherwise and argues that its newest version is the safest browser out there.
   
• Enable DEP, or Data Execution Protection, in Internet Explorer. This function is automatically enabled in IE8 when used on Windows XP3, Vista, or Windows 7, but anyone else will need to manually select the function. SysInternal's version of Windows Task Manager simplifies the process; a guide can be found here. (Source: guardian.co.uk)
   
• Try running Internet Explorer in Protected Mode. Microsoft says this can reduce the impact of any exploitation of the zero-day flaw.
   
• For IT experts: warn users to be careful about suspicious links appearing in their emails or instant messages and to be vigilant while surfing the web. Short-term restrictions on Internet use might also be in order. Also, limiting user privileges could help quarantine a remote break-in if a hacker does successfully breach your defenses.
   
• Set IE Internet zone security to "high".
   
• Update all third party applications, such as Adobe products, with their latest patches.

Microsoft is expected to announce when its emergency patch will be available soon.