Internet Explorer users need to watch out for this worrying security flaw
Zero-day exploit discovered by a Chinese antivirus firm
If you still use Microsoft’s Internet Explorer, then be aware that there’s reportedly a major hole in the browser which could be an entry point for malware.
Chinese antivirus firm Qihoo 360 found the zero-day exploit which as yet remains unpatched, and is apparently being targeted by a group of hackers at a global level, as reported by ZDNet.
This group is apparently leveraging the exploit using malicious Office documents. When said document is opened, it fires up a web page in the background of Internet Explorer, which subsequently facilitates the transmission of malware from a remote server. The host PC is then infected.
The exact details haven’t been made clear, but it seems that this attack employs a well-known User Account Control bypass – to get round any warning pop-up messages which might alert the user that something bad might be about to happen – and also clever file steganography techniques (stealthily hiding files within files).
This vulnerability affects even the latest version of Internet Explorer, so if you do still use Microsoft’s aging browser, it’s certainly something you need to be aware of.
Proper practice
Of course, you can avoid becoming a victim simply by not opening any Office document you’re unsure of in the first place, which is obviously solid security practice.
Hopefully Microsoft will patch the hole soon enough, with the software giant issuing a fairly generic statement to say: “Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible.
Get the best Black Friday deals direct to your inbox, plus news, reviews, and more.
Sign up to be the first to know about unmissable Black Friday deals on top tech, plus get all your favorite TechRadar content.
“We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection. Our standard policy is to provide remediation via our current Update Tuesday schedule.”
And naturally, Microsoft didn’t miss the opportunity to plug its new Edge browser for Windows 10, which it has certainly been promoting on the security front in recent times.
Clearly, this is another reminder that if Internet Explorer is still your browser of choice, you might want to consider a shift to a more secure haven for your trips to the web (unless you’re forced to use IE for legacy reasons).
And if you don’t want to switch to Microsoft Edge, there are of course many good third-party alternatives such as Firefox, Chrome, and some less well-known browsers, too.
- Surf the web on the go with one of our best laptops
Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).