If you haven't already, you should consider dropping Internet Explorer and using a browser like Chrome or Firefox, at least until Microsoft rolls out a fix for a zero day vulnerability that reportedly affects nearly every version of IE. Worse yet, if you're still stubbornly rocking Windows XP for whatever reason, this is potentially a permanent vulnerability -- Microsoft dropped support for the legacy operating system earlier this month.
The United States Computer Emergency Readiness Team (US-CERT) is one of several government bodies suggesting the use of an alternate browser.
"US-CERT is aware of active exploitation of a use-after-free vulnerability in Microsoft Internet Explorer. This vulnerability affects IE versions 6 through 11 and could allow unauthorized remote code execution," US-CERT warns.
Microsoft says it's aware of hackers using this vulnerability in targeted attacks, which is something security outfit FireEye Research Labs has seen. If you must use IE -- a requirement for work applications, for example -- be wary of clicking on links in instant messaging applications or in emails. One of the more common methods of exploiting this zero day bug is by convincing users to click on a URL that will bring them to a malicious website.
According to FireEye Research Labs, the exploit leverages a previously unknown use-after-free vulnerability, and uses a well-known Flash exploitation technique to achieve arbitrary memory access and bypass Windows' ASLR and DEP protections.
"This vulnerability, for which (at the time of writing) Microsoft has not yet issued a patch, affects Internet Explorer running on any version of the Windows Operating System although Microsoft has indicated that versions of Windows Server and Microsoft mail applications are protected to some degree," CERT-UK, the U.K. equivalent of US-CERT, stated in a blog post.