If you are using Microsoft’s Internet Explorer browser, it may be time to stop for a while. According to confirmed reports, Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in all versions of the Internet Explorer browser, including Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.
Microsoft says that the new security flaw is a remote code execution vulnerability that allows the attackers to gain the same user rights as the current user. Users who are not administrators will be less impacted, as they have less permissions and rights. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. This may cause memory to become contaminated in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.
One way this new vulnerability with all Internet Explorer browsers can cause issues is if a victim visits a specially crafted website that is designed by the attackers to exploit this vulnerability through Internet Explorer and then convince a user to view the website. An attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the malicious website, typically by getting them to click a link in an email message that takes users to the attacker’s website.
Microsoft claims that they will take the appropriate action to protect their customers, which may include providing a solution through their monthly security update release process, or an out-of-cycle security update, depending on customer needs.
If you believe your computer is compromised and that you are at risk, it is recommended to scan your computer for malware and remove any if found using reputable Antivirus and/or Anti-Malware software such as Norton 360 or Malwarebytes Anti-Malware Premium. These software suites will also protect a Windows computer in real time against security threats and can also be used to block malicious websites.