Microsoft and US-CERT have released an alert about a vulnerability in all versions of Internet Explorer (IE 6 – IE 11) that could allow an attacker to install and run code on a computer. The most likely way a computer would be affected is through a website drive-by download. In a drive-by download, a user visits a malware-infected website, and malicious code on the site exploits the vulnerability in the user's web browser to infect the computer with malware.
As of now, researchers have only seen active campaigns on the Internet targeting IE 9 through IE 11, though earlier versions of IE may become targets in the future.
When Microsoft releases a patch to close this vulnerability, only computers running Windows 7 and above will receive the fix. Windows XP users will never have this vulnerability fixed, leaving them permanently exposed to a known serious vulnerability in Internet Explorer.
For the user
Users of Windows 7 and above should use Internet Explorer only if it is necessary for business activities, e.g., NU SharePoint or Banner. For all other websites, it is recommended to use a browser other than Internet Explorer until a patch is released.
Windows XP users: Microsoft no longer releases updates or patches for Windows XP, so there will never be a patch for this vulnerability. It is strongly recommended to upgrade to Windows 7 or 8.1.
Contact the Service Desk at 617-373-4357 or firstname.lastname@example.org for assistance with alternate browsers or upgrading to Windows 7.
KrebsOnSecurity: Microsoft Warns of Attacks on IE Zero-Day