This is a PC user’s potential nightmare. The Department of Homeland Security (DHS) reports a security breach in Internet Explorer versions 6 through 11 and it suggests using another browser.
An advisory says there’s a vulnerability in Internet Explorer that allows someone to insert code in the browser. The code may create a message or link that could lead you to a site that may contain malware or worse.
Homeland Security also suggests that the hackers may use Adobe Flash to break into the system. Its release says, “Although no Adobe Flash vulnerability appears to be at play here, the Internet Explorer vulnerability is used to corrupt Flash content in a way that allows ASLR to be bypassed via a memory address leak. This is made possible with Internet Explorer because Flash runs within the same process space as the browser. Note that exploitation without the use of Flash may be possible.”
Microsoft acknowledges the problem and warns, “An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.”
Microsoft says it’s investigating and may provide security updates to explain what consumers should do.
But in the meantime,
Homeland Security offers this partial solution: “The Microsoft Enhanced Mitigation Experience Toolkit (EMET) can be used to help prevent exploitation of this vulnerability. Note that platforms that do not support ASLR, such as Windows XP and Windows Server 2003, will not receive the same level of protection that modern Windows platforms will.”
The bottom line — you may want to switch browsers and choose Firefox or Safari.
Homeland Security also says it’s aware of “active exploitation of a vulnerability in versions of Flash Player, which could potentially allow an attacker to take control of an affected system.”
DHS suggests, “Users and administrators review Adobe Security Bulletin APSB14-13 and apply the necessary updates.”