On Saturday Microsoft posted a security advisory about a vulnerability that affects all versions of Internet Explorer from 6 to 11. Together, these versions comprise more than 56 percent of Internet browser market share. That’s a lot of copies of vulnerable browsers.
The weakness could allow a hacker to distort what a given user’s browser displays to trick him into clicking on a false link. This could then give the hacker control over his computer.
Microsoft said in its post that the company “is aware of limited, targeted attacks” exploiting the flaw. And FireEye, the cybersecurity company that found the weakness and sent it to Microsoft, reports that hackers are especially going after IE versions 9, 10, and 11 through the Adobe Flash plugin. Though that’s a slightly smaller window, those three versions still represent almost 32 percent of total browser market share.
An easy solution to the problem is to let your last action in Internet Explorer be downloading a shiny new browser. But for people who aren’t ready to jump ship, Microsoft has a list of workarounds while the company works on a solution, and a patch should be out in the next few weeks.
The vulnerability is also significant, though, because it marks the first discovery of a security flaw since Microsoft ended support for Windows XP. When the company patches the vulnerability, XP won’t receive the update. Though other browsers like Chrome and Firefox are still supporting XP for now, this latest security flaw shows how crucial migrating away from XP really is—even though the 13-year-old operating system still has an amazing 28 percent market share. Brand loyalty is one thing, but everyone needs to stop using these old operating systems and versions of IE. Just stop.
