Every Single Person Who Uses Internet Explorer Is at Risk of a Major Security Breach

Every Single Person Who Uses Internet Explorer Is at Risk of a Major Security Breach

The news: Microsoft confirmed Saturday they've discovered a new Internet browser vulnerability that affects every single version of Internet Explorer.

Depending on who you ask, that's a quarter to a third of the entire browser market, and both the U.S. and U.K. governments have officially recommended that users use an alternative web browser until it is fixed. Department of Homeland Security officials said running IE could lead to "the complete compromise" of an affected computer.

Microsoft officially discontinued support for Windows XP last month, meaning that PCs running the 13-year-old operating system won't be automatically patched to remove the vulnerability. The glitch could thus leave nearly 30% of all Windows users at permanent risk.

Internet commenters are already making fun of anyone still using IE:


Gizmodo explains that attacks exploiting the vulnerability have mostly targeted IE versions 9 through 11 in what's known as a "use after free" attack, in which the attack corrupts data as soon as the memory is released (likely after the user has been lured to a scam website). Microsoft wrote:


The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

No patch has yet been released to fix the vulnerability, but according to Microsoft, "limited, targeted" attempts to exploit the bug have been recognized by their security team. Security firm FireEye Inc., says that a sophisticated group of clandestine hackers has been exploiting the bug in the really cool-sounding "Operation Clandestine Fox."

Just a few weeks ago, the Heartbleed bug affecting OpenSSL encryption protocols put Internet users at even more risk by compromising all servers running an unpatched version of the software.

How much do you trust the information in this article?

Tom McKay

Tom is a staff writer at Mic, covering national politics, media, policing and the war on drugs. He is based in New York and can be reached at tmckay@mic.com.

MORE FROM

You can help NASA with your solar eclipse observations on Aug. 21

You'll be an eclipse scientist.

Scientists are pretty sure that deep inside the moon, there’s water

The explosive story of water on the moon.

The six words that will make you sound smarter than all your friends when watching the eclipse

What is an umbra? How does the Saros cycle work? The total solar eclipse, explained.

Do you have little freckles in your eyes? This might be why.

Remember to protect your eyes.

The US desperately needs computer science majors, so keep coding

There are more than 500,000 computing jobs open in the US right now.

You can help NASA with your solar eclipse observations on Aug. 21

You'll be an eclipse scientist.

Scientists are pretty sure that deep inside the moon, there’s water

The explosive story of water on the moon.

The six words that will make you sound smarter than all your friends when watching the eclipse

What is an umbra? How does the Saros cycle work? The total solar eclipse, explained.

Do you have little freckles in your eyes? This might be why.

Remember to protect your eyes.

The US desperately needs computer science majors, so keep coding

There are more than 500,000 computing jobs open in the US right now.