Microsoft Issues Emergency Fix for IE 9, 10 Users

By John Lister

Microsoft has released a temporary fix to an important security bug affecting two recent versions of Internet Explorer. The exploit has been linked to attacks that compromised a website for US military veterans.

The bug affects Internet Explorer versions 9 and 10. It does not affect version 11, nor anything previous to version 9. That said, running a version of Internet Explorer older than the latest one available for your version of Windows is definitely not advised.

JavaScript Bug Exploits Drive-by Download Attack

The exploit involves JavaScript, a programming language used to create some interactive content on websites. Normally Internet Explorer should block JavaScript from carrying out commands on anything other than the website itself.

Instead, Internet Explorer is in some cases allowing JavaScript code to affect Windows itself, giving hackers the opportunity to cause damage.

Bogus Email Links Lead Users To Infected Sites

A Windows PC is exploitable simply by visiting an infected website. Often this happens after a user clicks on a bogus link through an email.

The Internet Explorer exploit has been described as a zero-day attack, a security term meaning hackers found out about the bug and began taking advantage of it before Microsoft was able to fix it.

So far there has been one known case of a legitimate website being compromised by hackers and used to carry out the attack. That was the US Veterans of Foreign Wars site. In that case, victims have had spyware installed on their computers, in many cases without their knowledge. (Source: scmagazine.com)

Microsoft Offers Temporary Fix for Internet Explorer 9, 10

Microsoft looks unlikely to issue a patch to remove the exploit itself before the next regularly scheduled "Patch Tuesday" update on March 11, 2014. Instead, it has issued a temporary "Fix It" tool which blocks the effects of the unwanted JavaScript. (Source: microsoft.com)

Using the tool doesn't require any specialist technical knowledge: instead it's simply a case of clicking an icon on Microsoft's site.

To access the Fix It tool (only if you use Internet Explorer 9 or 10), go here:

http://support.microsoft.com/kb/2934088

What's your Opinion?

Does Microsoft do enough to fix security exploits, such as the one described in this story? Have you changed your web browser, or have you considered changing, because of security issues such as this? Tell us what you think.


Comments

JeffRL

Since I can't currently afford to replace my desktop and laptop, I'm stuck with WinXP for the foreseeable future, which means I'm stuck with IE8, too. Because of that, I am prevented from adjusting the privacy settings on my Gmail account and others. Many websites either won't open at all or they try to badger me into upgrading WinXP and/or upgrading my browser. It's more than a coincidence that so many websites all did that around the same time. If I were cynical, I'd say that there was collusion with Microsoft to force people to upgrade from WinXP. Instead, I'll merely say it's suspicious.

lilbj87

I rarely even use IE at all anymore, whether I'm at home or at work. I use Google Chrome for pretty much all my web browsing, even on my smartphone. To me, it loads webpages faster and seems safer than IE. I've had a lot fewer infections using Chrome.