Researchers have revealed that IE versions 9, 10 and 11 - which currently runs on 26% of all the PCs in the world - suffers from something called a Zero Day vulnerability. This makes it easy for hackers to launch socially engineered attacks that trick users into visiting fake websites that subsequently infect their machines. Older versions of IE, dating back to version 6, are also at risk.
Following the end-of-support for Windows XP, this is the first major incident where a known weakness in XP (IE ships with all versions of Windows, and is the default browser) will not be patched or fixed by Microsoft. And just like with Heartbleed, we CAN protect ourselves. Here's how:
- Stop using Internet Explorer. Immediately. Any version of Windows and any version of IE: just stop using the browser.
- Switch immediately to an alternate browser like Google Chrome or Mozilla Firefox (both are free downloads and can be installed in well under 5 minutes.)
- As soon as Microsoft has a fix available for your computer (no ETA yet, but I'm seeing reports that indicate we might have to wait until May 13), download and apply it if you're running Windows Vista, 7 or 8.
- Download and install Microsoft's Enhanced Mitigation Experience Toolkit 4.1. It isn't the ultimate fix, but it's better than nothing.
- If you're running XP, download and use an alternative browser, and do NOT use IE again. Ever.
- In all cases, make sure you're using security software on your computer, and that it is regularly updated.
Fun stuff, isn't it?
- Spoke live with CTV News Channel's Jacqueline Milczarek. Video here.
- Was interviewed for Bryan Bicknell's report on the CTV London 6pm newscast. Video here.
- Chatted with Mike Stubbs on 1290 CJBK London as part of our weekly tech rundown.
- Spoke with Charles Adler on 680 CJOB Winnipeg.
- Talked with Angela Kokott of NewsTalk770 Calgary for our weekly Tech Tuesday segment.