Microsoft announced over the weekend a vulnerability in the Microsoft Internet Explorer (IE) application that affects all versions from IE 6 to IE 11. This is how it works: Hackers set up a website that installs malware when you visit it. If you're duped into visiting the website while using the Internet Explorer program, malware seeps into your computer and gives a stranger total control. You might not even notice.
These vulnerabilities typically require user involvement to get the ball rolling, whether that be visiting a maliciously crafted website or clicking an unknown link in an email.
Microsoft is currently working on preparing and releasing a security update to resolve this issue, but in the mean time here are some things you can do (and some not) to help mitigate the possibility of becoming afflicted:
- Whenever possible, use a different browser and be sure you have the latest version – Mozilla Firefox and Google Chrome are both free and excellent alternatives.
- For websites that absolutely require use of Internet Explorer, ensure they are approved by your company.
- Websites that allow user-generated and hosted content should be avoided when using IE. Such sites would include YouTube, Reddit, Imgur, Mediafire, and Flickr. This is not an exhaustive list, but only meant to provide examples of websites where such user-created content could potentially be crafted to take advantage of this vulnerability. Though we’d like to think services such as YouTube would catch and deny or disallow such content, with hundreds of thousands of uploads happening on any given day there is still the chance something might get missed.
- Be cautious of the emails you receive – especially those from someone you know. We are quick to ignore and remove messages from an unknown sender, but those sent from someone we’ve communicated with before (whether regularly or otherwise) are often times treated with more trust. Typically the first thing an attack will do is attempt to spread by any means possible, and Email is the easiest method. If you’re not expecting an email from someone, avoid opening any attachments. Exercise caution when clicking any links in the body of the email by hovering your mouse over the link to determine its true path (see the screenshot below for an example). If the link doesn’t correspond to what it relates to or does not have anything to do with the sender, avoid clicking it or ask your IT group to take a look at it for you (e.g., Joe Smith from ABC Company sending a link to a rental property but it happens instead to go to a website regarding pancakes that has been compromised).
Being security conscious and aware, is the first step to protecting yourself.