Users of several Internet Explorer versions are being urged on Monday to switch to other browsers such as Chrome or Firefox amid news of a major security hole.
According to Rapid7 security forum, a new zero-day exploit for Internet Explorer 7, 8, and 9 has hit computers running Windows XP, Vista and 7. Zero-day exploits involve software that takes advantage of a security hole within a site to carry out an attack.
This means that computers actively using Internet Explorer can be compromised by visiting a malicious site and give cybercriminals “the same privileges as the current user.”
“We’re aware of targeted attacks potentially affecting some versions of Internet Explorer. We have confirmed that Internet Explorer 10 is not affected by this issue,” Yunsun Wee, director of Microsoft Trustworthy Computing, told Mashable. “We recommend customers deploy Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) 3.0, which provides effective protections without affecting the Web browsing experience. We will continue to investigate this issue and take further actions as appropriate.”
The Rapid7 forum said “the exploit had already been used by malicious attackers in the wild before it was published in Metasploit.”
“The associated vulnerability puts about 41% of Internet users in North America and 32% world-wide at risk (source: StatCounter),” the Rapid7 alert said. “We have added the zero-day exploit module to Metasploit to give the security community a way to test if their systems are vulnerable and to develop countermeasures.”
In the meantime, Internet Explorer users should consider switching to another browser, such as Google Chrome or Mozilla Firefox, at least temporarily. Those who are die-hard fans of Internet Explorer should proceed cautiously and upgrade to version 10 — which is in preview now — before using the web again.