What happened?
Security experts have advised internet users to switch to Chrome or Firefox after a flaw was discovered in Internet Explorer 9 and earlier versions of Microsoft’s browser. The vulnerability is known as a ‘zero-day flaw’, which can be exploited by hackers before developers have spotted it. In this instance, criminals could have used the flaw to infect a PC, merely by getting a user to visit a malicious website. In response to the flaw, Microsoft initially told people to install its Enhanced Mitigation Experience Toolkit (bit.ly/emet302) and set security settings at their highest levels. However, installing the toolkit is a complicated process that may be confusing to many users, and the high security settings could block some safe sites.
Instead, security experts suggested IE users should simply switch to another browser. “For consumers, it might be easier to simply click on Chrome,” said McAfee’s Dave Marcus. Trend Micro’s Paul Ferguson said: “There are other browsers that people can use until the problem gets fixed.” Microsoft then issued a simpler provisional fix to protect users while it worked on a final emergency patch, which has now been released. Microsoft normally only releases security patches once a month, so releasing an ‘out of band’ solution highlights the severity of the flaw. However, Microsoft said only a “small number” of users were affected. The flaw hasn’t affected Microsoft’s latest browser, IE10, which is included in Windows 8. However, a separate problem involving Adobe Flash Player in IE10 was also patched, as well as other non-disclosed security flaws in IE9.
How will it affect you?
Microsoft issued the patch within days, working quickly to protect IE users. Although this was a serious flaw, users were only left unprotected for a week. If you have Windows Update switched on, your PC should be automatically protected, and you may have noticed your computer unexpectedly restart to install the update. If you’re already a Firefox or Chrome user, feel free to feel a bit smug. These zero-day security panics rarely hit your browser, and security experts see both Chrome and Firefox as safer than Internet Explorer.
What do we think?
Yet another security flaw in IE may make you ask yourself why you’re not using Chrome or Firefox, which is a good question. No browser is completely secure, but IE gets hit by more public zero-day flaws than its rivals. Chrome is well-respected for its security, with Google offering payouts to security researchers who find flaws. Earlier this year, Chrome was successfully attacked in a hacking contest, after years of staying secure. While Microsoft should be applauded for taking swift action, it
