Emergency Security Warning For Internet Explorer

December 17, 2008

There is a new, nasty vulnerability to Internet Explorer (IE).  Simple web browsing has been reported to be exploited to well-known and usually “safe” sites. The vulnerability creates full access to your local computer, including the ability to install software and access files.  Root-kits, Trojans and password recording applications have all been seen installed via this method.  This has affected all versions of Windows and Internet Explorer.

Microsoft has issued an emergency update to address this problem.  Emerson Technologies highly recommends that this patch get applied immediately and not wait for the normal once a month update schedule.  You should be able to find the update through Windows Update by opening Internet Explorer, selecting the Tools menu and clicking on Windows Update.

Internet Explorer (IE) has had and continues to have vulnerabilities.  Hackers love to pick on IE as they know it wasn’t developed with a reasonable security model.  Some say it wasn’t initially developed with security in mind at all. Because of that, IE will remain a high security risk. Hackers also know it’s the most widely used Internet browser around, so their efforts will affect more people.  The best way around this issue is to use another browser instead.

There are a handful of popular browsers out there, but the best alternative in our opinion is Mozilla Firefox.  Firefox is feature rich, secure, and just plain better than IE.  Firefox does not have this newly found vulnerability and will serve your Internet browsing needs safely. You can download the latest version of Firefox by visiting getfirefox.com.

Also included is a link to the Windows Secrets Newsletter, which explains in detail why Firefox is a better option.  It will show you how to install and configure Firefox to give you the safest browsing available.

For more information, the Security Advisory is available on Microsoft’s Security Advisory page.

UPDATE 12-18-2008: The official Microsoft patch for this problem has been released.  More information can be found in Microsoft Security Bulletin 08-078.


Comments are closed.