Microsoft has admitted the existence of yet another security flaw in Internet Explorer which hackers are actively exploiting. It is called a “zero day” exploit because there was zero time between the discovery of the flaw and the first known exploits by hackers.
The flaw affects nearly half of all browsers used for accessing the web. Although the affected browsers include Internet Explorer versions 6 through 11, the primary targets, according to FireEye, the security firm that discovered the exploit, are versions 9 through 11.
Microsoft is investigating the flaw and has not yet issued a security patch. As a result, the United States Computer Emergency Readiness Team (US-CERT), which is part of the U.S. Department for Homeland Security, has recommended that users either 1) follow workarounds listed by Microsoft in a security advisory or 2) stop using Internet Explorer altogether until a patch is made available. For those still using Windows XP, no patch will be made available because Microsoft ended support for XP on April 8, 2014. If you use Windows XP, US-CERT advises using another web browser.
JC Kelly recommends that you select option 2 and completely discontinue use of Internet Explorer regardless of the version of Windows you might be running.
Please contact us with any questions regarding this security issue.