TORONTO – Microsoft is rushing to fix a security bug in its Internet Explorer web browser that would allow hackers to gain access to users’ computers through malicious websites.
The bug, announced over the weekend by cybersecurity software maker FireEye Inc, is present in Internet Explorer versions 6 to 11.
Microsoft confirmed via its website that it is working on a fix for the bug, but has not yet confirmed how long it will take. In the meantime, here is what you need to know about the Internet Explorer security bug:
How can a hacker exploit the bug?
According to Microsoft, an attacker could host a website designed to exploit the vulnerability and trick users into visiting it. The attacker could also exploit the bug through compromised websites that allow user-provided content.
“In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker’s website, or by opening an attachment sent through email,” read Microsoft’s update on the bug.
Is my information at risk?
Yes. If a hacker was able to exploit the security bug they would be able to gain the same rights as the current user.
This means that if the administrator account was logged on when the attack happened, the hacker could gain full control of the computer. The attacker would be able to install programs and view, change, or delete user data.
How can I protect myself?
Most security experts recommend that users avoid Internet Explorer altogether until Microsoft issues a security update to correct the bug. Other web browsers, such as Google Chrome and Mozilla FireFox, are not affected by the bug.
However, if for some reason you are stuck using Internet Explorer, there are some additional measures you can take to protect yourself from a malicious attack.
Microsoft recommends that users take advantage of Internet Explorer’s “Enhanced Protected Mode,” an add-on that protects users’ data in the event of a security breach.
According to FireEye, using Enhanced Protected Mode while surfing in Internet Explorer will prevent the user from being vulnerable to attacks.
FireEye also notes that disabling the Flash plug-in on Internet Explorer will stop hackers from being able to exploit the bug.
“The attack will not work without Adobe Flash,” read the company’s blog post.
Additionally, users can install anti-malware software or deploy additional firewalls on their machines.
What if I am a Windows XP user?
Those still using Windows XP will not receive a security update from Microsoft, because the company stopped supporting the operating system on April 8, leaving the computer vulnerable to the bug.
The best bet for Windows XP users is to download a new web browser, such as Google Chrome or Mozilla Firefox; however, many security firms urge Windows XP users to switch operating systems as soon as possible.