Microsoft Internet Explorer bug: how to protect yourself
Over the weekend, Microsoft admitted to a huge vulnerability in Internet Explorer that allows hackers to set up malicious websites in order to gain complete access to visitors’ PCs, provided they visit the page with IE (version 6 and up). From there, hackers can install apps, break into other accounts and generally use the computer as their own.
In order to protect yourself from the flaw – dubbed “Operation Clandestine Fox” by security firm FireEye – the best thing you can do is stop using Internet Explorer until Microsoft patches it. Other browsers, such as Google Chrome and Mozilla Firefox, don’t have the problem, and you can export your bookmarks and other settings to those browsers very easily.
If you don’t want to stop using Internet Explorer, there are ways to ensure you’re not exposed while browsing the web. Ever since Internet Explorer 10, the browser has offered an Enhanced Protected Mode. You won’t be vulnerable to the bug with this mode enabled, according to FireEye, and it is listed as one of the work-arounds Microsoft recommends on its explainer page.
You can also disable Adobe Flash. Disabling Internet Explorer’s Flash plug-in will stop the bug cold, FireEye says – although that will also render your browser powerless to play Flash videos and games.
There are other, more technical ways around the exploit as well. You can install a piece of software called the Enhanced Mitigation Experience Toolkit (EMET) and configure it for Internet Explorer, Microsoft recommends. That will let you browse without altering your web experience much. Be sure to use EMET 4.1 since it’s automatically configured to protect IE.
Separate from Protected Mode, Internet Explorer has other layers of security, including sliding settings for security zones, which will block malicious software from hijacking your PC if they’re set to high. Doing so will, however, make using some websites (such as order forms) more difficult.
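To confirm that two of the workarounds above are actually in place, the following read-only PowerShell audit reports whether Enhanced Protected Mode is enabled and whether the security zones are set to High for the current user. It is an added example, not part of the original article or Microsoft's guidance; the registry paths, the value names and the choice to check the Internet and Local intranet zones are assumptions about a standard Internet Explorer configuration.

```powershell
# Added example: read-only audit of two IE workarounds for the current user.
# Registry paths and values below are assumptions, not taken from the article.
# Group Policy can override per-user settings; this script reads HKCU only.

$main  = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$zones = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

# Enhanced Protected Mode (IE 10 and later): Isolation = 'PMEM' means enabled.
$isolation = Get-RegValue -Path $main -Name 'Isolation'
$epm = [pscustomobject]@{
    Check = 'Enhanced Protected Mode'
    Value = if ($null -eq $isolation) { '(not set)' } else { $isolation }
    Pass  = ($isolation -eq 'PMEM')
}

# Zone slider positions are stored as CurrentLevel; 0x12000 is "High".
$zoneNames  = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$levelNames = @{
    0x10000 = 'Low'; 0x10500 = 'Medium-low'; 0x11000 = 'Medium'
    0x11500 = 'Medium-high'; 0x12000 = 'High'
}

$zoneChecks = foreach ($id in 1, 3) {
    $level = Get-RegValue -Path "$zones\$id" -Name 'CurrentLevel'
    $label = if ($null -eq $level) {
        '(not set)'
    } elseif ($levelNames.ContainsKey([int]$level)) {
        $levelNames[[int]$level]
    } else {
        'Unknown (0x{0:X})' -f $level
    }
    [pscustomobject]@{
        Check = "Security level: $($zoneNames[$id]) zone"
        Value = $label
        Pass  = ($level -eq 0x12000)
    }
}

# One row per workaround; Pass = False means the setting is not in effect.
@($epm) + @($zoneChecks) | Format-Table -AutoSize
```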
Microsoft is expected to release a patch for the flaw soon – either in the company’s next “Patch Tuesday” update, due on May 13, or in an off-schedule patch specifically for this issue. It’s unclear if Windows XP will get the patch: support for the operating system officially ended in April, but some large enterprise customers are continuing to get software updates.