Last week, we wrote about what happens when Heartbleed, the most recent computer bug threatening web security, invades computers and hijacks personal information. Yesterday, news reports revealed that Microsoft’s Internet Explorer browser has been hit with a security flaw of its own.
It is unclear whether the flaw is caused by Heartbleed, but it does include similar threats. Web security experts are urging users to switch to alternate products, but Microsoft said in a statement that personal data will not be released by Internet Explorer unless users click on unverified emails and links.
“This issue allows remote code execution if users visit a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message,” Microsoft said.
The security flaw exists in Internet Explorer versions 6 through 11, and affects users of Windows XP, the operating system that Microsoft stopped supporting earlier this month.
For the time being, users are encouraged to download a security mitigation toolkit and enable Enhanced Protected Mode under their security settings. Microsoft said these measures will work on Windows XP browsers as well.
The tech giant also encourages users to enable firewalls, apply all software updates and install anti-virus and anti-spyware software. Users should also exercise caution when visiting websites and avoid clicking suspicious links or opening email messages from unfamiliar senders.
“We are working closely to investigate this report of a vulnerability which was found in a very limited targeted attack,” Microsoft said in an advisory.
Microsoft is working with FireEye, a global network security company, to track down and eliminate the coding flaw. Stay tuned for more updates.
Guidance for Internet Explorer vulnerability
Full advisory on security flaw
How to boost your malware defense and protect your PC