Microsoft has issued a fix for a security flaw in its Internet Explorer browser. The fix updates the computers of all users of the Windows operating system, including XP, which the company stopped supporting in April.
The Internet Explorer security flaw allows hackers to get around security protections in the Windows operating system. The security fix resolves a publicly disclosed vulnerability in Internet Explorer versions 6 through 11 that could allow remote code execution if a user views a specially crafted webpage using an affected version of the browser. A hacker who successfully exploits this vulnerability through a computer infected with malware could gain the same user rights as the current user.
Microsoft said systems where Internet Explorer is used frequently, such as workstations and terminal servers, are most at risk from the vulnerability.
Many Internet Explorer users have automatic updating enabled and will not need to take any action because the security protection will be downloaded and installed automatically.
Users who do not have automatic updating enabled should click the “Check for Updates” button in the Windows Update portion of the Control Panel. Once in Windows Update, check every item that says Internet Explorer on it and follow the instructions.
For administrators, enterprise installations, and end users who want to install the security update manually, Microsoft recommends downloading and applying the update immediately, following the directions in the Microsoft Security Bulletin.
Technology experts do not expect Microsoft to continue issuing security patches for Windows XP. Users who have older releases of the software should migrate to supported releases to prevent potential exposure to vulnerabilities. Users may want to upgrade from XP to a modern operating system, such as Windows 7 or Windows 8.1. Some users might want to move from XP to an entirely different platform.
Employ Smart Online Behavior
The single biggest factor in preventing a malware infection on a computer is the user. You do not need expert knowledge or special training. You just need the vigilance to avoid downloading and installing anything you do not understand or trust, no matter how tempting, from the following sources:
- From a website: If you are unsure, leave the site and research the software you are being asked to install. If it is OK, you can always come back to the site and install it. If it is not OK, you will avoid a malware headache.
- From email: Do not trust anything associated with a spam email. Approach email from people you know with caution when the message contains links or attachments. If you are suspicious of what you are being asked to view or install, do not do it.
- From physical media: Your friends, family and business associates may unknowingly give you a disc or flash drive with an infected file on it. Do not blindly accept these files; scan them with security software. If you are still unsure, do not accept the files.
- From a pop-up window: Some pop-up windows or boxes will attempt to corner you into downloading software or accepting a free “system scan” of some type. Often, these pop-ups will employ scare tactics to make you believe you need what they are offering in order to be safe. Close the pop-up without clicking anything inside it (including the X in the corner). Instead, close the window via Windows Task Manager (press Ctrl-Alt-Delete).
- From another piece of software: Some programs attempt to install malware as a part of their own installation process. When installing software, pay close attention to the message boxes before clicking Next, OK, or I Agree. Scan the user agreement for anything that suggests malware may be a part of the installation. If you are unsure, cancel the installation, research the program, and run the installation again if you determine it is safe.
Remove Malware with the Right Software
Chances are that no matter how careful you are, your computer may be infected some day. That’s because malware is designed to sneak onto your computer in ways you cannot possibly foresee. Enlist the help of the following software:
- An updated operating system: Use Windows Update. Take advantage of its ability to automatically notify you of updates, or, better yet, to automatically download and install updates.
- An updated browser: No matter which browser you use, keeping it current is vital to preventing infection. Take advantage of your browser’s pop-up blocking, download screening, and automatic update features.
- Antivirus software: You must run an antivirus program to be safe. Keep it updated, turned on and continuously scanning. Note: It is not recommended to run two antivirus programs; they may interfere with one another.
- Anti-malware: Also called anti-spyware. Many antivirus applications include an anti-malware component. If yours does not, install and use a standalone anti-malware program that does not conflict with your antivirus program. Keep it updated.
- Firewall: Run a third-party firewall. Note: Don’t run two firewalls at once; they may interfere with one another.
- Spam filter: If your email program is not adequately filtering spam from your inbox, consider additional spam filtering software. If your security software is a security suite, spam filtering may be a feature that you need to switch on.