The Banyan Theory Blog

Internet Explorer Zero-Day

posted by Nick

If you use Internet Explorer to browse the web, be aware that there is a dangerous new code-execution vulnerability. Microsoft has not issued a fix yet, making this a zero-day exploit (as in, zero days between the discovery of the vulnerability and the first attack).

All versions of Internet Explorer are vulnerable (6 through 11).

To protect yourself, your insurance agency, and the personal information of your customers, consider using Chrome instead of Internet Explorer, at least until Microsoft issues a fix for this vulnerability.

If you continue using Internet Explorer before a patch is available, do so at your own risk, and be especially cautious when clicking on links in emails you receive. Be 100% certain you trust the sender and know what website you are about to visit.

Attacks that exploit vulnerabilities like this one are often targeted using phishing: emails that entice you to click on a link because you believe the message is from a trusted sender. (See my How Phishing Scams Work article if you’re not familiar with phishing.)

Unlike conventional phishing attacks, all you have to do in this case to fall victim is to click on a link. Once you’ve done so, if the page you land on is an attack page and you’re using Internet Explorer, your computer will become infected.

For more, see the Microsoft Security Advisory. From the advisory:

[A]n attacker could host a website that contains a webpage that is used to exploit this vulnerability. […] an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker’s website.

Keep an eye out for a fix from Microsoft, and install it as soon as it becomes available.
