Microsoft has confirmed that Internet Explorer 8 (IE8) has a “Zero Day Vulnerability” that has already been exploited to enable the compromise of computer systems.
This is a technical way of saying that the issue with IE8 is currently unpatched, and other security mechanisms are not currently effective in preventing the exploit.
RELATED READING: Why is patching important to the security of your business?
Given time (beyond “Day Zero”), this vulnerability will be patched or other systems will be able to prevent the issue, but because this issue is so new, it is currently able to reek havoc on systems that visit compromised websites.
This type of issue with a browser is so damaging because computer hackers who take advantage of it, can execute malicious code on the affected machines without the user needing to download anything or without any indication that the machine has been compromised.
All a user has to do to be infected is to go to a website that has a malicious script embedded on it, and viola you have been hacked! No bells, no whistles, no pop-ups of any kind will appear in your browser. You will not have any indication of an issue (until something bad happens on your machine).
Most of the time, the hackers are installing Remote Access Trojans so that they can get information about the affected machines or take them over completely.
Well, there are a couple of options.
You can make sure that you pay attention to Microsoft bulletins and down load the patch when they release it. They are aware of the issue, and that is step one in fixing it. They have promised that a fix to this problem will be coming shortly.
Your other option is to upgrade to other versions of Internet Explorer.
At the time of this publishing, IE9 and IE10 did not have the same vulnerabilities.
IE8 is old, but it is still the most used version of IE today. It is its popularity that makes it such an attractive target for hackers.
If you use IE8, update your system regularly and be careful where you browse.
Subscribe to Lumifi's Daily Cybersecurity News Curated by a CISO
We’ve expanded our MDR capabilities with enhanced incident response and security services to better protect against evolving cyber threats.