Heartbleed was “so last week.” Maybe that’s why the tech gods decided to send us another little thunderbolt. And this one may not be that little.
The security firm that first discovered the flaw said that hackers are primarily concentrating their efforts on IE 9 through 11 though no version of Explorer is exempt from attack.
To exploit the flaw, the hacker requires the user’s cooperation. That is, the user must click on a link or open an attachment. Once inside, the hacker can install malware, which, Microsoft explained, makes it possible for the hacker to “gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
According to a piece on washingtonpost.com by Gail Sullivan, Microsoft says once it finishes its investigations “it will issue a fix for the problem, either in a monthly security update or a special security update.”
Till the fix is available, Microsoft suggests downloading its Enhanced Mitigation Experience Toolkit version 4.1 to help guard against attacks.
FireEye, which discovered the flaw, suggested disabling the Adobe Flash plugin (the attacks won’t work without it) and running IE in enhanced protection mode (only available in IE 10 and 11) for maximum protection.
If you’re still running XP, the best advice is to cross your fingers and hold your breath or use Firefox, Chrome or another browser. That’s because short-term solutions don’t work and Microsoft won’t be releasing patches.
If your OS is a later version that will be covered by a patch, you’re still not out of the proverbial woods. You see, about 10 percent of government computers still run XP. That, according to the Washington Post’s Craig Timberg and Ellen Nakashima, includes thousands of computers on classified military and diplomatic networks.