Update Now: Internet Explorer Security Flaw Can Be Exploited by Malicious Websites


Get our "4-Step Computer Security Upgrade"

This guide makes it as easy to lock the virtual door to your computer as it is to lock the physical door to your office. In less than an hour, you will learn to encrypt your files, secure your computer when using public Wi-Fi, enable two-factor authentication, and use good passwords.

Get it Now!

On Saturday, Microsoft announced a zero-day1 security flaw that affects all versions of Internet Explorer. Here’s how it works:

The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

2014-05-01 Microsoft has released security update MS14-021 to fix the flaw. Get it by running Microsoft Update now.

In other words, if you visit a website designed to take advantage of the vulnerability, it could run code within IE that gives the attacker control of the victim’s computer.

Related“Why use a standard user account instead of an administrator account?”

There is no patch, yet, but you can avoid the flaw by not clicking suspicious links on websites or in emails. Also, ensure you are logged into your computer as a standard user, not an administrator. An attacker can do less damage if your account does not have administrative permissions. Better yet, don’t use IE until Microsoft issues a patch. Use Chrome, Firefox, or Safari instead.

Fortunately, Lawyerist users are a tech-savvy bunch compared to the Internet at large. Only about 16% of our visitors are using Internet Explorer. According to NetMarketShare’s data, about 26% 56% of Internet users are still on IE.

(h/t Buzzfeed)

  1. Zero day means you will not have advance warning of an attack. 

Current posts

  • static

    And at least one occasional, but particularly savvy, reader uses AOL.

    • http://samglover.net/ Sam Glover

      I think AOL Desktop actually just uses Internet Explorer with some AOL window dressing.

      Also, that is sad.

      • static

        You kids. Don’t worry. When retro chic becomes the new cool thing, I won’t hold your foolishness against you, and will be happy to lend you my free AOL 5.0 floppy.

  • bluvg

    “According to NetMarketShare’s data, about 26% of Internet users are still on IE.”
    They show over 56% are on IE.

    • http://samglover.net/ Sam Glover

      You are right. Thanks for catching my mistake. Correction made.

  • Randall Ryder

    How will this effect my dial-up interwebs with CompuServe?