Microsoft recently reported a serious security vulnerability (remote code execution) in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.
Understanding the exploit:
This is the description of the problem in the official announcement.
The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
In layman terms, if you use Internet Explorer and visit a website that exploits the vulnerability, your computer could be taken over by a hacker and he or she will perform actions on your behalf.
Preventing the security vulnerability:
You can easily prevent this problem by not using Internet Explorer 🙂 At least until Microsoft releases a patch. If you still want to use Internet Explorer, you should enforce the security level to ensure you have control over what is executed in your computer and to establish trusted websites.
Follow these steps to limit your risk of security exposure:
1. Open Internet Options > Security.
2. Highlight Internet and set the Security Level to High.
3. Check Enable Protected Mode.
4. Highlight Local Intranet and repeat steps 2 through 3.
5. Highlight Trusted sites and set the security level to either Medium or Low
6. Click on Sites
7. Add websites you trust to the Trusted Sites Zone
8. Apply settings and close window and restart Internet Explorer for changes to take effect
This is the link to the Microsoft’s security bulletin, as they have outlined suggested actions for dealing with the vulnerability until it has been addressed: https://technet.microsoft.com/en-US/library/security/2963983