If you use IE, don’t — at least not for now

Susan Bradley

A serious vulnerability in Internet Explorer 6 through 9 has come to light, and there’s no patch at this time.

If you must use Internet Explorer for specific applications, use another browser as much as possible and remove or disable Java.

Yet another zero-day exploit targets IE

UPDATE: Microsoft has released critical update KB 2744842 to patch this vulnerability.

Microsoft Security Advisory 2757760, dated Sept. 17, warns of a newly disclosed IE vulnerability that could allow remote-code execution — which means an attacker could take over a targeted PC with the same rights as the current user. (This type of threat is why we recommend setting up a non-admin account on the PC you use most of the time.)

According to the advisory, Internet Explorer 10 (included with Windows 8) is not threatened. But that caveat is irrelevant because few Windows users are running Win8 for any purpose other than testing the new OS.

What to do: Here, in a nutshell, are your options:

1) Use another browser. Until Microsoft releases a patch for this new threat, simply do all your Web browsing with Firefox or Chrome — and make sure they’re fully updated.

2) Remove Java. If you must use IE, ensure that Java is fully disabled or not installed. I discussed this in my Sept. 6 Patch Watch column.

3) Use the Enhanced Mitigation Experience Toolkit. If you can’t operate without IE and Java, Microsoft’s EMET software can help. A RationallyPARANOID blog has a helpful how-to guide for installing EMET. Brian Krebs also has an excellent post on using the toolkit to protect IE.

Look for more on EMET — what it is and how it protects you — in next week’s regularly scheduled Patch Watch. And if Microsoft releases an out-of-cycle IE update before then, I’ll let you know. In the meantime, keep an eye out for a soon-to-be-released Microsoft fixit for Internet Explorer; it should provide protection until a patch is ready. I’ll post an update in the Lounge when it’s released.

Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!

The Windows 7, Vol 3 (Excerpt)

Subscribe and get our monthly bonuses - free!

The Windows 7 Guide, Volume 3: Advanced maintenance and troubleshooting provides advanced tools for keeping Microsoft's premier operating system up and running smoothly. Get this excerpt and other 4 bonuses if you subscribe FREE now!

= Paid content

All Windows Secrets articles posted on 2012-09-20:

Susan Bradley

About Susan Bradley

Susan Bradley is a Small Business Server and Security MVP, a title awarded by Microsoft to independent experts who do not work for the company. She's also a partner in a California CPA firm.