Following the discovery late last week of a vulnerability in Microsoft’s Internet Explorer browser, the Redmond-based company is urging users to download a free security patch until it sorts out an updated, more secure version of the software.
With its web browser installed on hundreds of millions of computers around the world, the flaw has the potential to cause serious havoc if users fail to install the fix.
The malicious software code, known as Poison Ivy, loads itself onto a PC when its owner visits an infected website. Hackers then have the opportunity to steal personal data or take control of the PC.
A Microsoft webpage addressing the issue is urging users of Internet Explorer (except IE 10) to protect their machines by deploying the Enhanced Mitigation Experience Toolkit (EMET).
Besides installing the fix, Microsoft also lists a number of changes that users should make to their Internet and local intranet security zone settings, warning that some changes could affect IE’s usability.
It’s bound to sound like too much of a palaver for some computer users unfamiliar with the inner workings of IE. Indeed, some computer security experts have told Reuters that it would be far simpler for IE users to temporarily switch to other browsers, such as Firefox, Chrome or Opera, until Microsoft issues an updated version of IE.
Complicating matters further, it seems that some businesses may not even be able to install Microsoft’s EMET tool, telling Reuters that some firms run software on their networks that is incompatible with EMET. Questions have even be raised as to the effectiveness of EMET in thwarting attacks on PCs running IE.
The vulnerability was discovered on Friday by Luxembourg-based researcher Eric Romang.
If you’re reading this using IE and want to continue using it, Microsoft highly recommends you install EMET as soon as possible to (hopefully) protect your machine. Alternatively, as suggested, you could always give Firefox, Chrome or Opera a try.
Microsoft will be working flat out to sort out a safe and secure version of IE, aware that the longer it takes, the more users it could lose to competitors. However, no browser is ever 100 percent secure, with developers often discovering that no sooner have they fixed one security hole, another one is discovered.
- Google found another critical security flaw in Microsoft Edge
- Microsoft misses another Edge-related 90-day security disclosure deadline
- Intel, Microsoft using integrated graphics to thwart next Meltdown-style threats
- AMD is working on fixes for the reported Ryzenfall, MasterKey vulnerabilities
- Intel decides not to patch Spectre vulnerability for older processors