Today we received a Security Advisory from Microsoft that Internet Explorer versions 6 through 11 had a vulnerability that could allow an attacker to hijack a user's online session after the PC was infected with malware. An attacker could spoof a website that was designed to exploit this vulnerability and then convince a user to view the website through things like phising attacks. These attacks could lure the user to click a link contained in an email or instant message and then the user's computer would be infected with the malware upon visiting the website or by opening an infected attachment. According to the technology research firm NetMarketShare Internet Explorer versions 6 through 11 account for 55% of the browser market, so this could have a far-reaching impact.
Microsoft has provided "workarounds," that actually create a setting or configures the computer to help block an attack, but does not correct the underlying issue. The risk is especially great for those computers still using the Windows XP operating system as Microsoft stopped offering security patches for XP earlier this month.
If you're currently using Internet Explorer for secure transactions like online banking, the best course of action is to use an alternate browser like Safari, Chrome or Firefox.
If you're not comfortable or don't have access to these other browsers take these cautionary actions:
- Exercise caution when visiting unknown or untrusted sites. Avoid clicking on suspicious links or opening email if you don't know who is the source of that email.
- Enable firewalls and make sure all your software is up to date
- Turn on the "enhanced protected mode" in Internet Explorere 10 & 11. To turn it on:
- Click on "tools" in the Internet Explorer task bar and then click "Internet Options"
- Click on the tabl that says "Security<" and then check the box for "Enhanced Protected Mode"
- Click "apply"
- You will probably have to shut down Internet Explorer and restart for the change to take effect.