Security hole just discovered and confirmed by Microsoft
This past weekend a bug was discovered in the Internet Explorer web browser. If you use IE as your main browser, and especially if you use Flash while using IE, please read this article, and pass it on to your friends.
To be safe, you can either uninstall Flash from your computer, or you can switch to a different browser. We here at Montague WebWorks recommend Firefox, or Google's Chrome (which has Flash pre-installed).
We have pulled the text from several news websites, below.
SAN FRANCISCO — The U.S. Department of Homeland Security is advising Americans not to use Microsoft's Internet Explorer Web browser until a fix is found for a serious security flaw that came to light over the weekend.
The bug was announced on Saturday by FireEye Research Labs, an Internet security software company based in Milpitas, Calif.
"We are currently unaware of a practical solution to this problem," the Department of Homeland Security's United States Computer Emergency Readiness Team said in a post Monday morning.
It recommended that users and administrators "consider employing an alternative Web browser until an official update is available."
The security flaw allows malicious hackers to get around security protections in the Windows operating system. Users can then be infected when visiting a compromised website.
Because the hack uses a corrupted Adobe Flash file to attack the victim's computer, users can avoid it by turning off Adobe Flash.
"The attack will not work without Adobe Flash," FireEye said. "Disabling the Flash plugin within IE will prevent the exploit from functioning."
While the bug affects all versions of Internet Explorer 6 through 11, it is currently targeting IE9 and IE10, FireEye stated.
On Saturday, Microsoft announced that Internet Explorer versions 6 through 11 were at risk for so-called drive-by attacks from malicious websites. Windows XP is capable of running Internet Explorer 6, 7, and 8.
This new remote code execution vulnerability, dubbed CVE-2014-1776, has the potential to give hackers the same user rights as the current user. That means a successful attacker who infects a PC running as administrator would have a wide variety of attacks open to them, such as installing more malware on the system, creating new user accounts, and changing or deleting data stored on the target PC. Most Windows users run their PCs under an administrator account.
These attacks aren't theoretical, either—security firm FireEye discovered these attacks being actively used in the wild. For these attacks to work, however, a user would have to visit a malicious website attempting to install the code. Microsoft says attacks could also come from "websites that accept or host user-provided content or advertisements" where an attacker could insert malicious code.
Microsoft has yet to decide whether it will issue an emergency patch in the coming days or wait for Patch Tuesday on May 13 to repair supported versions of IE.
Microsoft is racing to address a weakness in its popular Web browser that security experts at FireEye revealed over the weekend. The researchers discovered that hackers have exploited the bug and created a new type of attack.
This is how it works: Hackers set up a website that installs malware when you visit it. If you're duped into visiting the website while using the Internet Explorer program, malware seeps into your computer and gives a stranger total control. You might not even notice.
"I'd say someone taking control of your computer is just the beginning of the worst case scenario," said Adrian Sanabria, a security expert with 451research.com. "Because then they steal your info, get access to your email, etc."
That's where the real danger lies. Anyone in control of your computer can spy on everything you do. If it's a PC at work, hackers can reach into anything an employee has access to.
It's worse for those using Windows XP, because Microsoft no longer supports that operating system with security patches. To them, Microsoft says: Go upgrade to Windows 7 or 8.1.
The U.S. Department of Homeland Security recommends that people ditch Internet Explorer until there's a patch -- or install special software in the meantime instead.
Posted: to WebWorks News on Tue, Apr 29, 2014
Updated: Tue, Apr 29, 2014