If you use IE, don’t — at least not for now

Susan Bradley

A serious vulnerability in Internet Explorer 6 through 9 has come to light, and there’s no patch at this time.

If you must use Internet Explorer for specific applications, use another browser as much as possible and remove or disable Java.

Yet another zero-day exploit targets IE

UPDATE: Microsoft has released critical update KB 2744842 to patch this vulnerability.

Microsoft Security Advisory 2757760, dated Sept. 17, warns of a newly disclosed IE vulnerability that could allow remote-code execution — which means an attacker could take over a targeted PC with the same rights as the current user. (This type of threat is why we recommend setting up a non-admin account on the PC you use most of the time.)

According to the advisory, Internet Explorer 10 (included with Windows 8) is not threatened. But that caveat is irrelevant because few Windows users are running Win8 for any purpose other than testing the new OS.

-
What to do: Here, in a nutshell, are your options:

1) Use another browser. Until Microsoft releases a patch for this new threat, simply do all your Web browsing with Firefox or Chrome — and make sure they’re fully updated.

2) Remove Java. If you must use IE, ensure that Java is fully disabled or not installed. I discussed this in my Sept. 6 Patch Watch column.

3) Use the Enhanced Mitigation Experience Toolkit. If you can’t operate without IE and Java, Microsoft’s EMET software can help. A RationallyPARANOID blog has a helpful how-to guide for installing EMET. Brian Krebs also has an excellent post on using the toolkit to protect IE.

Look for more on EMET — what it is and how it protects you — in next week’s regularly scheduled Patch Watch. And if Microsoft releases an out-of-cycle IE update before then, I’ll let you know. In the meantime, keep an eye out for a soon-to-be-released Microsoft fixit for Internet Explorer; it should provide protection until a patch is ready. I’ll post an update in the Lounge when it’s released.



Subscribe to our Windows Secrets Newsletter - It's Free!

Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!

Windows 8 Hacks: Tips & Tools for Unlocking the Power of Tablets and Desktops

Subscribe and get our monthly bonuses - free!

Want to hack the new Start screen and tiles for your Win8 Device, the new Lock screen, the new tile-based apps, or the automatic notification information? Yes, you can do that. How about running other operating systems inside Windows 8, running Windows 8 on a Mac, or hacking SkyDrive and social media? We'll show you how to do that as well. Get this excerpt and other 5 bonuses if you subscribe now!

= Paid content

All Windows Secrets articles posted on 2012-09-20:

Susan Bradley

About Susan Bradley

Susan Bradley is a Small Business Server and Security MVP, a title awarded by Microsoft to independent experts who do not work for the company. She's also a partner in a California CPA firm.