Microsoft Internet Explorers users, listen up! Don’t wait till Patch Tuesday to apply the latest out of band patches to be released for the product. One addresses a zero-day exploit. It is a remote code execution flaw. If it is exploited successfully, the attacker could get the same access rights to the machine as the user. That means, if you have administrative or high-level access, so will the criminal. And the fact is, most home users likely do have administrator rights to their computers.
A zero-day flaw means that there is no fix and it’s being actively exploited. Because of the severity of this, Microsoft is issuing a special update that should be deployed right away.
The issue could lead to memory corruption allowing the attacker to execute arbitrary code on the device. Internet Explorer 9, 10, and 11 are vulnerable. According to Microsoft, “If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system” and allow him to install programs, change or delete date, view anything on the machine, and/or create new accounts. It could also be exploited if someone creates a website designed to exploit it. All it would take for that to happen is for someone to click a malicious link or attachment found in an email message that goes to that website.
It is also releasing an emergency update for another flaw that could cause a denial of service (DoS) situation. In this case, the flaw is in Microsoft Defender. This is part of Microsoft’s Malware Protection Engine. Versions affected by this include everything up to 1.1.16300.1. So, be sure to update to 1.1.16300.2 as soon as possible to address it.
So, remember to never click links or attachments unless there is no doubt whatsoever that it’s safe. If it arrived from an unknown sender or isn’t expected, just don’t click it. That’s good practice all the time.
When getting updates, go directly to Microsoft’s website rather than just click any old popup that appears. Criminals will use news like this to create fake popups and trick people into going to their malicious websites. You can also completely reboot your computer to ensure the updates are showing up legitimately.
Remember that if you cannot click a popup box away, it’s probably malicious and you should close your browser to see if it disappears. If not, shut down the computer and try again. A good way to ensure your products are always updated is to enable automatic updates.
Keep in mind that Internet Explorer versions older than 11 are not supported and version 11 will cease to be supported eventually. So, if you’re still using it, consider switching to the much more secure Edge browser or another one that is supported by the developers.