Microsoft issues emergency security advisory for Internet Explorer exploit
On Monday, April 28th, 2014, Microsoft released Security Advisory 2963983 regarding an issue that impacts Internet Explorer. At this time, we are only aware of limited, targeted attacks. This security issue allows remote code execution if users visit a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message.
Microsoft’s initial investigation has revealed that Enhanced Protected Mode, on by default for the modern browsing experience in Internet Explorer 10 and Internet Explorer 11 will help protect against this potential risk. Microsoft also encourages users to follow the “Protect Your Computer” guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additionally, everyone should exercise caution when visiting websites and avoid clicking suspicious links, or opening email messages from unfamiliar senders. Additional information can be found at www.microsoft.com/protect.
Here is the information you need to know.
1. All versions of IE 6 through 11 for Windows are affected.
2. No patch is available as of today (4/28/14)
What Can I Do?
1. Do not use Microsoft’s IE (Internet Explorer) on any machine you may currently have.
2. Use an alternative browser such as Firefox.
3. When the patch is issued, it will NOT apply to XP users!
4. If you are an XP User, you should use an alternative browser-forever!
5. Think seriously about upgrading or replacing those Windows XP machines.
With the end of support for Windows XP earlier this month, we believe this is just the first of many attacks that will be targeting Windows XP.
Microsoft typically releases security patches on the first Tuesday of each month, what’s known as Patch Tuesday. The next one is Tuesday, May 6th – whether or not Microsoft will release a patch for this
vulnerability before than is still unknown. In any case – there will not be a patch released for Windows XP users.
Symantec is offering XP users a tool to protect yourself from this vulnerability which it has made available on its blog:
http://www.symantec.com/connect/blogs/zero-day-internet-vulnerability-let-loose-wild
Please note that recommendations and quick fixes, such as the one provided above by Symantec, may not be possible for future vulnerabilities. We recommend that unsupported operating systems, such as Windows XP, be replaced with supported versions as soon as possible.
Here are three articles with additional information.