Update Now: Internet Explorer Security Flaw Can Be Exploited by Malicious Websites

internet-explorer
computer-security-guide-cover-2nd-ed

4-Step Computer Security Upgrade

Learn to encrypt your files, secure your computer when using public Wi-Fi, enable two-factor authentication, and use good passwords.

On Saturday, Microsoft announced a zero-day1 security flaw that affects all versions of Internet Explorer. Here’s how it works:

The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

2014-05-01 Microsoft has released security update MS14-021 to fix the flaw. Get it by running Microsoft Update now.

In other words, if you visit a website designed to take advantage of the vulnerability, it could run code within IE that gives the attacker control of the victim’s computer.

Related“Why use a standard user account instead of an administrator account?”
Microsoft.com

There is no patch, yet, but you can avoid the flaw by not clicking suspicious links on websites or in emails. Also, ensure you are logged into your computer as a standard user, not an administrator. An attacker can do less damage if your account does not have administrative permissions. Better yet, don’t use IE until Microsoft issues a patch. Use Chrome, Firefox, or Safari instead.

Fortunately, Lawyerist users are a tech-savvy bunch compared to the Internet at large. Only about 16% of our visitors are using Internet Explorer. According to NetMarketShare’s data, about 26% 56% of Internet users are still on IE.

(h/t Buzzfeed)


  1. Zero day means you will not have advance warning of an attack. 

Subscribe

Get Lawyerist in Your Inbox, Daily

Current Articles
Current Lab Discussions
  • static

    And at least one occasional, but particularly savvy, reader uses AOL.

    • I think AOL Desktop actually just uses Internet Explorer with some AOL window dressing.

      Also, that is sad.

      • static

        You kids. Don’t worry. When retro chic becomes the new cool thing, I won’t hold your foolishness against you, and will be happy to lend you my free AOL 5.0 floppy.

  • bluvg

    “According to NetMarketShare’s data, about 26% of Internet users are still on IE.”

    They show over 56% are on IE.

    “Fortunately, Lawyerist users are a tech-savvy bunch compared to the Internet at large.”

    Or, perhaps they buy the “faster browser” marketing hype. Faster depends on so many things–the hardware, the site, the connection, the networking, the configuration, etc. Generally, current IE beats current Chrome in SunSpider benchmarks, Chrome is ahead in V8 (their own benchmark), but YMMV. Most folks aren’t running *current* IE, though… comparing a fresh-out-of-the-oven browser to a stale one has unsurprising results. FWIW, on the sites I oversee, the fastest response times are from Firefox, IE is slightly behind, and last place is Chrome.

    • You are right. Thanks for catching my mistake. Correction made.

  • Randall Ryder

    How will this effect my dial-up interwebs with CompuServe?