New Microsoft Internet Explorer Exploit Is A Big Problem For XP Users

A new exploit targeting Internet Explorer versions 9 to 11 has been discovered; Microsoft has assigned CVE-2014-1776 to this exploit and is tracking the issue.  While the target is Internet Explorer versions 9-11 the vulnerability being exploited is found in version 6 through 11.

From Microsoft’s Security Advisory, “The vulnerability…could allow an attacker to execute arbitrary code in the context of of the current user within Internet Explorer.”

So what does that mean for you?  A cyber criminal who’s using this exploit could gain the same user access rights as the current user on the system when the vulnerability was exploited.  So if the current user is logged in with administrative rights to the computer, the cyber criminal would be able to take complete control of that system.  The attacker could then install programs, view / change / delete data, create new accounts with full user rights, etc.malware

Once suggestion currently provided by Microsoft as they continue to assess the threat and work on a patch is to “Set Internet and Local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in the zones.”

Importantly the attack does not work without Adobe Flash, so disabling the Shockwave Flash plugin within Internet Explorer will prevent the exploit from working.  This will also make it impossible to play Flash videos and games, but for the safety of your system it’s worth it and you can always use Chrome or Firefox for those.  For most Internet Explorer versions the setting to disable Flash is under Tools / Manage Addons; the Shockwave Flash Player should have a button for Enable / Disable.

Now why is this such a problem for Windows XP users?  April 8th was the end of support for Windows XP, which in part means that Microsoft will no longer be pushing updates and patches out to these systems.  What that means for this exploit is that for all those XP users this vulnerability likely won’t get patched, unless Microsoft makes an exception and pushes it to those users.

Even if Microsoft pushes this patch to XP it is only a matter of time before the next exploit is found.  If you’re still using Microsoft XP consider upgrading soon to keep your data and identity safe.

 

[whohit]IEExploit[/whohit]

1 Comment

  1. Comunicaciones Reply

    Thanks for your marvelous posting! I actually enjoyed reading it, you are a great author.I will be sure to bookmark your blog and will often come back very soon. I want to encourage you
    to continue your great work, have a nice day!

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top