Illustrated guide to Microsoft’s defense on latest Internet Explorer security flaw

This post first appeared on

Microsoft has released a new advisory about the “zero day’ security flaw affecting Internet Explorer. The advisory says that the risk affects all versions since 6, up to the most recent (11).

Calling it a “remote code execution vulnerability,” Microsoft warns that “An attacker who successfully exploited this vulnerability could gain the same user rights as the current user, including the ability to “take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Attackers could exploit the vulnerability, says Microsoft, by hosting “a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website” or someone could take advantage of compromised websites. In other words, either create a rogue site just for this purpose or hack into a legitimate site to inject malicious code.

Illustrated guide to Microsoft workarounds

Microsoft has offered a temporary user fix for Internet Explorer versions 10 and 11 but this is not automatic. Users have to go into the tools menu implement it themselves. And, like many security documents, the Microsoft advisory can be a bit confusing to those without a lot of technical experience. Or, you can avoid using Internet Explorer other than to download another browser such as (click on links to download)Firefoor Chrome.

So, here’s an illustrated guide:

1. First, make sure you can see the menu bar in Internet Explorer. It looks like this:

pic12. If you don’t see a menu bar, right-click on area near the top of the window and then click on Menu bar in the box that comes up:



3. Scroll to the bottom of the Tools menu (illustration is cropped — it’s actually quite long) and select Internet options:



4. Check “Enhanced Protected Mode” if you are running Internet Explorer 10 or for Internet Explorer 11 select both Enhanced Protected Mode and  Enable 64-bit processes for Enhanced Protected Mode (for 64-bit systems)




5. Restart your system, which means completely reboot your PC.

Make sure you get updates

Make sure you have automatic updates turned on so you’ll get the real fix when Microsoft finally releases it.