Hackers Control PC’s Running Internet Explorer

Over the weekend the security team at FireEye found a zero-day threat in Internet Explorer that will let an attacker take control of your PC.  If that isn’t scary enough the team at Microsoft recently discontinued support for Windows XP which still accounts for one out of every four PC’s on the market.

The zero-day vulnerability uses a well known Flash exploit to take control of a users PC.  The exploit is already being used in an effort codenamed “Operation Clandestine Fox” to target US military and financial institutions.

Internet Explorer zero day exploit

You can learn more about the exploit by reading the Microsoft security advisory 2963983.  Microsoft has assigned CVE -2014-1776 to the issue.  The threat has an impact on several versions of Internet Explorer including:

  • Internet Explorer 6
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11

If you are using any of the versions of IE listed above you are at risk.  I’ll share some suggestions for mitigating the risk in a moment.  For now the best way to avoid the vulnerability is to quit using Internet Explorer until a fix is released.

Tips to Avoid the Internet Explorer Zero-Day Threat

1. Use a different web browser

The is the option I would go with.  There is no need exposing yourself to the risk of someone taking control of your PC.  Other web browsers are not at risk.  That means you can simply switch web browsers to protect your system from being attacked.  Here are some other web browsers that are free to download:

When Microsoft releases a fix you can always choose whether or not to go back to using Internet Explorer.  For now it’s best to use another web browser to stay safe from the zero-day threat.

2. Disable Flash plugin inside Internet Explorer

If you are dead set on continuing to use IE then I strongly suggest you disable Flash.  It will impact some of the sites you visit but in turn will keep you safe.  The threat relies on a Flash exploit.  Disabling the Flash plugin in IE will mitigate the issue.

3. Use Microsoft Enhanced Mitigation Experience Toolkit (EMET)

You can learn more about EMET on the Microsoft site.  It’s a free tool they offer to help prevent vulnerabilities in software.  That includes the latest zero-day threat in Internet Explorer caused by the Flash exploit.  EMET will help mitigate the threat.

Once again I’d like to mention that switching to a different web browser is the safest way to avoid the zero-day exploit.  I’m not saying that to hate on Microsoft.  They are dealing with the security issue and will release a fix (as long as your not using Windows XP).  In the meantime you can rely on Firefox, Chrome or Safari to help protect your system.  For online privacy I also recommend you explore a good VPN service.