On Saturday, Microsoft announced a zero-day[1] security flaw that affects all versions of Internet Explorer. Here’s how it works:

The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

Update (2014-05-01): Microsoft has released security update MS14-021 to fix the flaw. Get it by running Microsoft Update now.

In other words, if you visit a website designed to take advantage of the vulnerability, it could run code within IE that gives the attacker control of the victim’s computer.

Related: “Why use a standard user account instead of an administrator account?”

There is no patch yet, but you can avoid the flaw by not clicking suspicious links on websites or in emails. Also, ensure you are logged into your computer as a standard user, not an administrator. An attacker can do less damage if your account does not have administrative permissions. Better yet, don’t use IE until Microsoft issues a patch. Use Chrome, Firefox, or Safari instead.

Fortunately, Lawyerist users are a tech-savvy bunch compared to the Internet at large. Only about 16% of our visitors are using Internet Explorer. According to NetMarketShare’s data, about 56% of Internet users are still on IE.

(h/t Buzzfeed)

  1. Zero day means you will not have advance warning of an attack. 


  1. static says:

    And at least one occasional, but particularly savvy, reader uses AOL.

  2. bluvg says:

    “According to NetMarketShare’s data, about 26% of Internet users are still on IE.”

    They show over 56% are on IE.

    “Fortunately, Lawyerist users are a tech-savvy bunch compared to the Internet at large.”

    Or, perhaps they buy the “faster browser” marketing hype. Faster depends on so many things–the hardware, the site, the connection, the networking, the configuration, etc. Generally, current IE beats current Chrome in SunSpider benchmarks, Chrome is ahead in V8 (their own benchmark), but YMMV. Most folks aren’t running *current* IE, though… comparing a fresh-out-of-the-oven browser to a stale one has unsurprising results. FWIW, on the sites I oversee, the fastest response times are from Firefox, IE is slightly behind, and last place is Chrome.

  3. Randall Ryder says:

    How will this affect my dial-up interwebs with CompuServe?
