We have hardly recovered from HeartBleed that another critical vulnerability is uncovered. This one affects Internet Explorer, versions 6 through to 11.
The vulnerability was uncovered by FireEye, a leading company in next generation threat protection, and is still under investigation. Microsoft has issued an emergency security warning of the vulnerability - https://technet.microsoft.com/en-US/library/security/2963983.
"If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system," warned Microsoft. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
In its security blog, Microsoft explains how to mitigate this specific exploit (http://goo.gl/gkES5D).
For those who cannot follow Microsoft recommendations and Windows XP users, it is recommended they use an alternative browser. Use the links below to download and install
The UK CERT added that anyone still using Windows XP operating system are particularly at risk and should update their operating system as well as moving away from IE. It must be said that Windows XP is no longer supported following its end of life and any vulnerability will not be fixed.
- Where applicable, implement a controlled migration from Windows XP operating system to a more up to date one
- Make sure your antivirus software is a good one, is current and is regularly updated
- Download and install one of the browers mentioned above