Following hard on the heels of the Heartbleed exploit, Microsoft has discovered a major flaw in the security of their browser, Internet Explorer.  According to a security advisory issued over the weekend, this vulnerability could be used by attackers to gain the same user rights as the current legitimate user. An investigation is underway, but while Microsoft will no doubt fix this issue as soon as possible, they admitted that they were already aware of “limited, targeted attacks” to exploit it.

Whilst the investigation is still in progress, Microsoft did include details of workarounds and ways to increase your security as part of their advisory however many other bodies, including US and UK governmental agencies, have simply advised computer users to make use of alternative browsers such as Google Chrome or Mozilla Firefox instead.

Microsoft stated that they will take appropriate actions once their investigation has been completed, which may mean providing the solution through their regular monthly security updates or introducing an interim security update, depending on the needs of their customers.

With this vulnerability affecting versions 6-11 of the browser, it has been present for some time without being discovered – Internet Explorer 6 was launched back in 2001. However, the real concern is for users who still use the Windows XP operating system. Because support for Windows XP has now officially ended, there will be no further security updates – which means that whatever solution Microsoft provide, it will not be provided to XP users.

Despite its age, Windows XP is still estimated to be used on around 20% of active PCs. This includes many in use in the UK’s public sector, for whom an extension of support was agreed between the government and Microsoft, giving them a further year’s grace in which to upgrade. For private businesses, however, the need to upgrade is now urgent; as new security issues like this one are discovered, XP-based computers simply become more and more vulnerable.

Here at Tristar IT we offer IT support contracts in London, to give you access to knowledgeable and highly trained IT specialists who can help you to keep your network secure, resolve issues as soon as they arise and keep your business running smoothly. For more information, please call us on 01707 378453.