As has been reported in various media outlets, the Department of Homeland Security (DHS) yesterday issued a bulletin advising regular internet users to avoid using any version of Microsoft’s Internet Explorer (IE) until further notice. A security flaw – commonly referred to as a ‘bug’ – in the program makes it vulnerable to an attack to “the complete compromise of an affected system.”
The new remote code threat, named CVE-2014-1776, has the potential to give hackers the same user rights as the current user. In other words, a successful attacker who infects a computer running as administrator could have the ability to install malware, create new user accounts, and even alter or delete data stored on the target computer. This could occur when a malicious website is visited after clicking on a spam e-mail or link.
This bug affects Internet Explorer versions 6 through 11 on a wide range of Windows versions. Microsoft has yet to announce whether it will issue an emergency patch in the coming days or wait for what is called a ‘Patch Tuesday” on May 13 to repair supported versions of IE. This will also be the first patch update from Microsoft that excludes Windows XP, which still runs on around 29% of the world’s Windows-based computers.
It is recommended that the average internet user download and utilize other browsers such as Mozilla FireFox (link), Google Chrome (link), Safari (link), Opera (link), or Maxthon (link). More experienced or adventurous internet users should find out information on TOR browsers (link).