A flaw in Microsoft’s Internet Explorer (IE) 6, 7 and 8 could allow hackers to take control of a Windows-based computer if the user browses to a malicious website. Security Advisory 2794220 was issued over the weekend, and soon afterwards a team blog reported: “We are only aware of a very small number of targeted attacks at this time. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message.”
Microsoft has made a temporary fix available for the zero-day vulnerability until it can deliver a formal patch.
Be particularly careful if you are using versions 6, 7 or 8 of the IE browser. Versions 9 and 10 are not affected by the vulnerability. To check which version of IE you’re running, open IE, click the Help question mark icon on the right and choose About Internet Explorer. To upgrade an older version of IE, go to Start > Control Panel > Windows Update.
We recommend switching to a more secure browser such as Google Chrome. In addition to being more secure than IE 8, it is also faster and supports HTML5, giving you a better browsing experience. Download free Google Chrome here.
According to a study by NSS Labs (here), avast! Internet Security and 3 other security products out of a total of 13 tested protect users against the Microsoft vulnerability within XML Core Services and against the vulnerability in IE 8 (IE8 has approx. 15% share). Both vulnerabilities were patched by Microsoft in June and July respectively, but users who failed to update are of course at risk. Good news for avast! Free Antivirus users: you have the same protection against those exploits as users of the paid-for avast! Internet Security suite.
PS: Keeping everything up to date and patched is, of course, one of the golden rules for staying secure.
This issue was discovered and researched by us; we have been in contact with Microsoft engineers for the past few months to fix this problem. The aim of this blog post is to explain the problem, the risks, and possible consequences of the fix.