This post first appeared on Forbes.com
Microsoft has released a new advisory about the “zero day” security flaw affecting Internet Explorer. The advisory says that the risk affects all versions since 6, up to the most recent (11).
Calling it a “remote code execution vulnerability,” Microsoft warns that “an attacker who successfully exploited this vulnerability could gain the same user rights as the current user,” including the ability to “take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Attackers could exploit the vulnerability, says Microsoft, by hosting “a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website” or someone could take advantage of compromised websites. In other words, either create a rogue site just for this purpose or hack into a legitimate site to inject malicious code.
Illustrated guide to Microsoft workarounds
Microsoft has offered a temporary user fix for Internet Explorer versions 10 and 11, but this is not automatic. Users have to go into the Tools menu and implement it themselves. And, like many security documents, the Microsoft advisory can be a bit confusing to those without a lot of technical experience. Or, you can avoid using Internet Explorer other than to download another browser such as Firefox or Chrome.
So, here’s an illustrated guide:
1. First, make sure you can see the menu bar in Internet Explorer. It looks like this:
3. Scroll to the bottom of the Tools menu (illustration is cropped — it’s actually quite long) and select Internet options:
4. Check “Enhanced Protected Mode” if you are running Internet Explorer 10. For Internet Explorer 11, select both “Enhanced Protected Mode” and “Enable 64-bit processes for Enhanced Protected Mode” (for 64-bit systems).
5. Restart your system, which means completely reboot your PC.
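For administrators who want to confirm the workaround without clicking through the dialog on every PC, here is a read-only PowerShell check. It is an added example, not part of Microsoft's advisory or the original post. It assumes Internet Explorer stores the two checkboxes per user in the registry values `Isolation` and `Isolation64Bit`; the function names are made up for this illustration.

```powershell
# Added example: read-only audit of the Enhanced Protected Mode (EPM) workaround.
# Assumption: IE keeps the two checkboxes per user under the key below
# ("Isolation" = PMEM when EPM is on, "Isolation64Bit" = 1 for 64-bit processes).
$mainKey = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$ieKey   = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer'

function Get-IeMajorVersion {
    # IE 10 and 11 report 9.x in "Version"; the real version is in "svcVersion".
    $ie = Get-ItemProperty -Path $ieKey -ErrorAction SilentlyContinue
    if (-not $ie) { return 0 }
    $raw = if ($ie.svcVersion) { $ie.svcVersion } else { $ie.Version }
    if (-not $raw) { return 0 }
    $major = ($raw -split '\.')[0]
    return [int]$major
}

function Test-EpmWorkaround {
    # Hypothetical helper: returns a list of findings for one user profile.
    param(
        [int]$IeMajor,
        [string]$Isolation,
        [int]$Isolation64Bit,
        [bool]$Is64BitOS
    )
    if ($IeMajor -lt 10) {
        return 'EPM workaround does not apply: Internet Explorer is older than version 10'
    }
    $findings = @()
    if ($Isolation -ne 'PMEM') {
        $findings += 'Enhanced Protected Mode is not enabled'
    }
    # The second checkbox only matters for IE 11 on a 64-bit system.
    if ($IeMajor -ge 11 -and $Is64BitOS -and $Isolation64Bit -ne 1) {
        $findings += 'Enable 64-bit processes for Enhanced Protected Mode is not enabled'
    }
    if ($findings.Count -eq 0) { return 'Workaround settings are in place' }
    return $findings
}

# Missing registry values cast to '' and 0, which are reported as "not enabled".
$main = Get-ItemProperty -Path $mainKey -ErrorAction SilentlyContinue
Test-EpmWorkaround -IeMajor (Get-IeMajorVersion) `
    -Isolation ([string]$main.Isolation) `
    -Isolation64Bit ([int]$main.Isolation64Bit) `
    -Is64BitOS ([Environment]::Is64BitOperatingSystem)
```

The script only reads settings for the account that runs it, so run it as the user whose browser you are checking.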
Make sure you get updates
Make sure you have automatic updates turned on so you’ll get the real fix when Microsoft finally releases it.