Threat level goes HIGH, as Microsoft readies fix for critical Internet Explorer security hole

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Pressure meter. Image from ShutterstockExperts at SophosLabs have raised their threat level to “High” in response to an as-yet unpatched security vulnerability in Internet Explorer.

The zero day threat, which was uncovered at the weekend and impacts most versions of Windows, has already resulted in the German government advising users to stop using Internet Explorer.

The rise in the SophosLabs internet threat barometer comes in response to in-the-wild detections that the team has seen in attacks exploiting the CVE-2012-4969 vulnerability in Microsoft’s popular web browser.

SophosLabs defines various threat levels from “Low” to “Critical”, based upon the prevalence of malware, spam and web threats, and intelligence regarding new vulnerabilities.

Sign up to our free newsletter.
Security news, advice, and tips.

Judged on its own, SophosLabs rates the Internet Explorer vulnerability as critical – but the seriousness of the threat means that our experts rate the threat level on the net as a whole as “high”.

At the time of writing, Microsoft has only published details of temporary workarounds to reduce the chances of computers being exploited by the vulnerability, but it’s clear that the ideal solution would be an official patch for Internet Explorer.

The good news is that Microsoft is working on a fix.

Yunsun WeeYunsun Wee, a communication director at the Microsoft Security Response Center, has said that the company plans to release a “Fix It” within the “next few days”.

"The Fix it is an easy-to-use, one-click, full-strength solution any Internet Explorer user can install. It will not affect your ability to browse the Web, and it will provide full protection against this issue until an update is available. It won't require a reboot of your computer"

If you can’t wait for a fix, or if you don’t like Microsoft’s suggested mitigation workarounds, then the only sensible option is to use another browser.

Unfortunately, that’s not an easy option for companies in particular to take.

(Customers should note that Sophos products protect against the vulnerability detecting attempts to exploit it as Exp/20124969-A – however, we would still recommend that IE users apply the security patch as soon as it is released by Microsoft).

Pressure meter image from Shutterstock.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.