Ars Technica is reporting that there was a significant increase in exploitation attacks over the weekend on a previously unknown vulnerability in Microsoft’s Internet Explorer, including the most recent version, IE9. What’s very unusual is that this vulnerability appears to occur in all major versions of Microsoft’s OS, including Windows XP, Vista and 7, and and uses the Adobe Flash Player plugin to gain a foothold on a user’s computer. This exploit has been able to circumvent most commercial anti-virus and anti-malware programs in use currently.
What this means to you:
On an Apple computer like an iMac or MacBook? Nothing you need to worry about – this exploit only affects Windows-based computers.
For all Windows users: Until Microsoft admits to, and then patches this vulnerability (so far they haven’t responded), and until the major anti-malware manufacturers like McAfee, Symantec, etc. can successfully detect and protect against this exploit, using any version of Internet Explorer will come with increased risk, especially if you surf to unknown or undocumented sites (ie. follow a link sent by a friend or co-worker, without knowing whether the link is legitimate). If it’s possible, I would recommend installing and using Google Chrome or Mozilla Firefox, at least until MS can patch this vulnerability.
At minimum:
- Make sure your computer has a working anti-virus program installed, updated and running.
- Avoid browsing websites with which you are unfamiliar.
- Stay alert for unusual behavior on your computer, such as sluggish performance, unusual pop-up windows and inability to surf to websites, specifically anti-virus websites and the alternate browser sites that I linked above.
Keep in mind, if your computer is managed by an IT department, using a browser other than IE may not be allowed, or, if it is allowed, Chrome and/or Firefox may not work with some of your company’s web applications, as many are designed and tested to work with IE only.
