Home » Antivirus » Critical Safety Alert by Microsoft for Internet Explorer Users

The security experts have released a critical security review in the awareness of Internet Explorer users. Reports are in that; security patches in all supported versions of Internet Explorer has been let free.

Critical Safety Alert by Microsoft for Internet Explorer Users

What is the Vulnerability?

In the official security report, Microsoft has reported the weakness to be remote code execution (RCE) weakness. This safety issue has been labelled as “CVE-2015-3894”. Given the information that, this weakness has no existing patches at the moment, it is a zero-day safety error.

What are the affected Versions of Internet Explorer?

Internet Explorer 6, 7, 8, 9, 10 and 11 are ones that are affected.

According to the experts, incidents of malwares exploiting the weakness in Internet Explorer 8 and 9 have already been reported. Users must know that, this does not say that the other Internet Explorer versions are any safer.

Is there any other Fix?

Even though Microsoft has not released any security patch, it has released a short-term Fix it solution called “CVE-2015-3894 MSHTML Shim Workaround”. As the name says, this solution is only a temporary patch, and is not a treatment for the underlying issue. Until an official safety patch is released, this workaround will help stop attackers from exploiting the weakness in the affected versions of Internet Explorer.

The solution it patches only applies to 32-bit versions of Internet Explorer. For those using 64-bit Internet Explorer, they would have to wait until Microsoft launches an appropriate software update. In the interim, they are suggested to use web browsers other than Internet Explorer.

Users of 64-bit Internet Explorer can also install Microsoft’s Enhanced Mitigation Experience Toolkit. This toolkit can be used to twist Windows security technologies, and lower the chances of attacks. But, PC novices may find it tough working with this toolkit. Even users who are tech-savvy are suggested to follow the User’s Guide before placing this toolkit into use.

Thus, most experts have suggested that users are better off surfing the Internet with an alternative browser, until an everlasting patch for the vulnerability is launched.

How does a Hacker use the Vulnerability?

As mentioned, this vulnerability can permit an attacker to gain remote access of the victim’s device.  How dangerous this remote code execution can be, rely on the user rights the user is logged on with. For example, if the victim is logged on as an administrator, then the attacker can access the same user rights can get total control of the device.

How is the Internet Explorer Vulnerability Exploited?

The Internet Explorer vulnerability can be exploited only with the help of infected websites designed by the hacker. And for this, the hacker must fool or convince the target to visit the website. For this, the hacker may send the victim an email having a link to the website, or an email file that redirects the user to the website. In some situations, websites that permit users to add content are also used by attackers to exploit the weakness.

Note: Microsoft has declared that, its server platforms are not vulnerable to this attack. By default, Internet Explorer on Windows Server platforms executes on limited mode. This mode stops a normal user and even an administrator from downloading infected websites that are able to exploit the vulnerability.

Suggested Tips

We suggest users to consider taking the following methods, to cut the chances of the CVE-2015-3894 vulnerability:

  • Use other web browsers like the Firefox, Chrome, Safari, etc.
  • Do not run your administrator rights for regular tasks like browsing.
  • Use Quick Heal Browsing feature for exploring the Internet.
  • Keep an eye out for any safety updates by Microsoft to fix this weakness.

We will keep our readers updated about any further modifications on this topic. You can also use reliable antivirus software for the device safety like McAfee. The software has reliable features and user friendly interface. The issue regarding McAfee can be handled by contacting the McAfee Technical Support. The technicians will help the user to fix the issue as soon as possible.