A “Zero Day” exploit has been discovered putting Microsoft Internet Explorer (IE) users at risk
On April 26, 2014, cyber security firm FireEye discovered a Zero Day Exploit in Microsoft Internet Explorer (IE) and Adobe Flash. “Zero Day” means that the exploit was discovered before Microsoft had any idea it existed. This vulnerability allows attackers to bypass the standard security measures in IE and take control of your PC. Microsoft quickly posted a security advisory alert, which can be read here. A fix was released on May 1, 2014 for Windows 7, Vista, and XP systems.
The vulnerability exists in all versions of Internet Explorer from the latest back to version 6. You will not be affected just by being on the Internet but you can be affected if you go to the wrong website. Once you open the hacker-controlled website, the attacker is granted access to your PC physical memory. From there, they have full access to your PC. Since almost all computers have Adobe Flash installed, this is a very severe security issue.
It is important to realize that it is the combination of Adobe Flash and IE that creates the issue; Adobe Flash by itself is not malicious. Sites such as Youtube, Facebook, and Amazon all utilize Flash to create a better web experience for the users. Additionally the vulnerability only affects IE users. There are other browsers available to use that are unaffected Google Chrome, Mozilla Firefox, Apple Safari, and Opera to name a few.
ITAcceleration recommends you use another browser until Microsoft is able to release a security patch. If you are unable to use another browser, you should disable Adobe Flash and, as always, be mindful of where you are going on the internet. Below are links to download Firefox and Chrome, which ITAcceleration loads on all PCs we build. Not only does it offer users an alternative to Internet Explorer, but they prove to be useful in times like this where one browser may be compromised.