Warning: All Versions of Internet Explorer Affected By Substantial Zero-Day Vulnerability

Microsoft over the weekend confirmed of a flaw within all versions of Internet Explorer that is being exploited in limited, targeted attacks, which utilize a manipulated Adobe Flash file hosted on attack websites. This flaw, or Zero-Day Vulnerability, has made the major news as one of the latest issues of the Internet where users could have their system infected with potential malware just by using Internet Explorer to visit a website that exploits the flaw. It is dubbed as a Zero-Day issue because there was no warning or preemptive threat leading up to the vulnerability.

The exploited flaw, which affects Internet Explorer versions 6 all the way to the most recent IE 11, could allow attackers to gain the rights as the original user of a computer all through Flash to bypass Windows security protection. Basically, the flaw will enable hackers to install various malware onto the affected computer all without any indication to the computer user.

Because Internet Explorer usage is about 26% of the total browser market, this IE flaw is susceptible to affecting a quarter of internet users. Even though hackers who exploit the vulnerability must somehow convince PC users to visit a site that is actively exploiting the flaw, the risk is still very high. One could visit an exploited site and unknowingly infect their system with serious malicious software that causes a plethora of other issues or even lead to theft of personal data. The possibilities of the aftermath are virtually endless, which is why you should adhere to the warnings from computer security experts.

So far, hackers are mainly targeting IE versions 9 through 11. What is even worse is that users of Windows XP may not get updates to eventually patch or fix the IE vulnerability when it is made available, all due to active support for XP being severed weeks ago.

Computer users who wish to take proactive steps, which are recommended by most security researchers and PC security firms, may either enable Enhanced Protection Mode on Internet Explorer 11 (if you use this version of IE) or use a different web browser in the meantime, such as Google Chrome or Mozilla Firefox. By taking one of these steps, computer users will essentially be able to evade the vulnerability until Microsoft rolls out an update to rectify the issue and reassure computer users of the flaw being eliminated.

To reiterate the potential severity of the Internet Explorer flaw, the U.S. Department of Homeland Security through US-CERT (United States Computer Emergency Readiness Team) has sent out an advisory asking computer users to consider using alternatives to Internet Explorer until Microsoft fixes it. This advisory is an alternative for those who cannot or choose not to follow Microsoft's current recommendations for enabling Enhanced Protection Mode. Simply choosing another web browser for now is the easier solution along with ensuring you are always running an updated anti-spyware or antivirus application to automatically detect malware that may slip onto your system if you so happen to use Internet Explorer while the vulnerability lingers.