Internet Explorer is under attack by hackers exploiting zero day flaws in the popular Microsoft web browser. Microsoft warns Internet Explorer 6, 7 , and 8 users that an attacker can target the zero day flaw by tricking users into browsing to a malicious website, which begins with a phishing email or instant message. This trick then allows hackers to execute whatever code they want on your computer.
Hackers are targeting the Microsoft error in Internet Explorer by setting up a watering-hole-style attack using malicious Javascript. According to CRN , the “technique can bypass Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP), two Microsoft security features designed to prevent malicious code execution in memory.” This bug affects primarily Windows XP users as Internet Explorer 9 and 10 remain unaffected and Windows XP can only be upgraded to version 8. Still, according to ITNews , Windows XP users currently make up 35 percent of the global share of the operating system market.
Dustin Childs, group manager of Microsoft response communications in the company’s Microsoft Security Report Center blog , says the security attacks have been rare according to CRN :
“While we have still observed only a few attempts to exploit this issue, we encourage all customers to apply this Fix to help protect their systems.”
Cristian Craioveanu, a Microsoft engineer on the Microsoft Security Research and Defense blog, wrote about the temporary patch, which does not require a system reboot:
“The temporary patch prevents malicious code from targeting the vulnerability. The workaround will have a small effect on the startup time of Internet Explorer.”
Despite any security flaws, Internet Explorer remains a very popular option. According to Ars Technica , Internet Explorer retains 48.75 percent of the worldwide combined browser market share. Internet Explorer 8 was fairly unpopular, resulting in huge losses in market share for Microsoft, but Internet Explorer 9 and also version 10 reversed their fortunes, and they even stole some users from Firefox and Chrome .