Although Microsoft (MSFT) has worked to enhance the security of Internet Explorer in recent years, the software giant's announcement this weekend that it has discovered a major new hole in the Web browser's defenses could spell trouble for millions of users.
What's alarming about the vulnerability is not just that it is a "zero-day" threat -- meaning a threat that exploits a previously unknown bug, giving developers no time to prepare a fix -- but also that it affects every single version of Explorer in use.
Specifically, Microsoft posted a warning noting that there have been attacks targeting that weakness in Internet Explorer versions 6 to 11:
The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
The bad news? There is currently no fix available for this problem. Microsoft hasn't said when one will be made available, though the company has said that possible remedies "may include providing a solution through our monthly security update release process or an out-of-cycle security update, depending on customer needs."
The worse news: Internet Explorer represents about 25 percent of all browsers in use on the Internet, so that's a sizable security exposure.Since there's no immediate fix, the best course of action in the short term is to stop using Internet Explorer and instead switch to a browser like Firefox or Chrome -- if not permanently, at least temporarily, until a fix is released.
If you're not already using an alternative browser, you might want to import your Internet Explorer favorites. To import your favorites into Firefox:
- On the menu bar, click Bookmarks and select Show All Bookmarks.
- In the Library window, click Import and Backup, and then choose Import Data from Another Browser.
- In the Import Wizard window, select Microsoft Internet Explorer, and then click Next.
- Select the items you want to import, and then click Next.
- Click Finish.
To import your favorites into Chrome:
- Click the Chrome menu button.
- Select Bookmarks.
- Select Import bookmarks and settings.
- Select the Microsoft Internet Explorer.
- Click Import.