Over the weekend the situation regarding the unpatched zero-day vulnerability in Microsoft Internet Explorer got worse.
On Saturday, Microsoft blogged that a staggering 0.2% of all internet users may have been exposed to the exploit, which has been seen on pornographic websites.
Of course, website attackers don’t just target porn sites. We see something like 20,000 new infected webpages every single day (that’s one every 4.5 seconds), and the vast majority of those are legitimate sites that have been compromised by the likes of an SQL injection attack.
It’s unclear how quickly Microsoft will be able to push out a fix to Internet Explorer, and some computer users may be tempted to switch (if only temporarily) to alternative browsers such as Firefox and Google Chrome.
The thing to realise, of course, is that all browsers have vulnerabilities and can be exploited. There’s no such thing as a 100% flaw-free web browser. To reduce the risks you need to change your surfing behaviour, and ensure that your systems are properly protected with up-to-date anti-virus software, patches and firewalls.
And switching the browser used by all the employees in your company isn’t a practical option. With so many attacks being discovered all the time, enterprise web protection is a must.
Hopefully Microsoft will issue a patch for Internet Explorer soon. My concern is that many home computer users routinely ignore the nags about installing security patches, thinking that they take too long or are a nuisance.
Sophos has published its own analysis of the severity of the vulnerability, along with further information, which I would recommend you read if you haven’t already done so.