Internet Explorer is an outdated product these days. Even Microsoft replaced it with the Edge browser and, according to some sources, plans to get rid of own engine and switch to Webkit instead. The world is dominated by Chrome and Firefox, Windows Internet Explorer is being used by fewer and fewer people. That’s a good thing, because hackers can easily access the user’s computer with the vulnerability.
Windows Internet Explorer may not be used very much – its replacement, Microsoft Edge, has been operating in Windows 10 since 2015. Nevertheless, Microsoft is now bringing the, now heavily outdated, browser with Windows 10 for legacy websites. According to the latest news, Microsoft has patched a vulnerability in Internet Explorer 11 (IE11). The vulnerability would give access to the system of the user, after which the hackers can simply take over the system. Microsoft does not provide information about how the vulnerability has been abused, but how easy it was to gain access to everyone’s computer – a ‘simple’ phishing email is sufficient if the user would then visit the website.
To be precise, it is a vulnerability where the system memory gets corrupt, after which the hackers gain access to the file system. If hackers intend to use it, they only have to lead the user to a web page, this can be done with a simple phishing e-mail, then the user does not have to do anything and the computer is infected. On the PC the hackers can then view all files, they can also follow user actions to obtain bank details; finally the hijack gives hackers the possibility to install programs and backdoors. The vulnerability would already be actively abused, according to Satam Narang. Narang works for Tenable, a company that focuses on detecting cybercrime.
Both Windows 7 and Windows 10 are affected
For all users who still use Windows 7, the problem is a bit more sensitive, since Microsoft provides the browser as standard with the browser, and there are also more users who use it. In addition to Windows 7, the vulnerability is also present in Windows 10, but also in specific versions of Windows Server. Narang advises everyone to provide their system with the latest security updates as soon as possible. Microsoft indicates that the update was part of the monthly security patches, or Patch Tuesday. If you have not yet installed the update, it is important to do so as soon as possible. Narang finally adds that the vulnerability is already being actively abused, although Narang does not say how much the extent of the abuse is.