A new security vulnerability in Internet Explorer has been discovered. It affects Internet Explorer versions 6 through 11. It could lead to the complete compromise of an affected system.
The vulnerability, called CVE-2014-1776, has the ability to give hackers the same rights on the computer as the current user when the computer is infected. So if the current user at the time of infection is an administrator, then the hacker will be also have the rights as an administrator on the infected computer. At that point, the hacker will be able to install more malicious software on the computer. They would also be able to add user accounts, remove user accounts, add unwanted files, change the contents of files, and even delete files from the infected computer. Any computer that is still running Windows XP is especially vulnerable to this attack. Support for Windows XP was discontinued by Microsoft earlier this month, so any fixes for this vulnerability will not include Windows XP.
The Department of Homeland Security is recommending that everyone should “consider employing an alternative Web browser until an official update is available.” The United States Computer Emergency Readiness Team (US-CERT), a part of the Department of Homeland Security, is recommending that all users enable Microsoft EMET (Enhanced Mitigation Experience Toolkit). It is a utility that helps prevent vulnerabilities from being successfully exploited. It supports every Microsoft operating system from Windows 7 and up. You can download it here.