Following discovery of a “zero-day bug” that can corrupt memory in the Internet Explorer browser, Microsoft continues to work on a fix.
The zero-day vulnerability is a remote-code execution flaw that affects how Internet Explorer versions 6 through 11 access an object in memory that has been deleted or not properly assigned.
“This exploit allows the attacker to gain access to information on the computer itself,” said Josh Zuerner, President and CEO of Joink.
The latest flaw works by tricking users into visiting a malicious website that quietly installs malware, turning control of your system over to hackers.
“When they say a critical vulnerability they are saying it’s a very high likelihood that information on your computer or what you are doing on your computer is vulnerable to hackers,” said Zuerner.
From bank account passwords to your email, anything stored on your computer could be at risk.
“It’s entirely possible that personal information has been lifted by hackers through this vulnerability and we just don’t know about it yet,” said Zuerner.
Switching to another browser such as Firefox or Chrome may be more effective in keeping your information secure.
“What happens in closed commercial software development, like a Microsoft web browser is that code is all kept confidential and considered intellectual property of Microsoft,” Zuerner explained. “What happens in open source project like Firefox is that code gets peer reviewed by open source developers all over the world.”
In a technology driven society, Zuerner states being proactive is the best defense.
“Change your passwords regularly so when a big vulnerability announcement like this comes out go ahead and change your banking passwords. You should be doing that anyways, because you never know when a big vulnerability has existed and just hasn’t been announced.”
The flaw has now been identified in all versions of Internet Explorer.
The company has yet to announce whether it will release an out of band patch or wait until the next Patch Tuesday, scheduled for May 13, to deliver a fix.