While you were partaking in the year-end festivities, cybercriminals had a field day exploiting a loophole in older versions of Internet Explorer.
Last Friday, the website of the U.S. Council on Foreign Relations was allegedly compromised by Chinese hackers who exploited a zero-day bug that was discovered only that same day.
The bug, which affects Internet Explorer 6, 7 and 8, allows hackers to hijack Windows PCs by enticing users to click on URLs of websites hosting malicious code. Microsoft said in a security advisory yesterday that its Internet Explorer team is working on a security update.
Meanwhile, the software giant will be shipping a software fix, available from its Fix It Solution Center, to protect systems before the patch is ready.
While the fix does not address the bug, it prevents the flaw from being exploited, Microsoft said.
If you have to stick to an older version of Internet Explorer, set your Internet and local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting.
Also, configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones.
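The Active Scripting setting described above can be checked per user from PowerShell. This is an added example, not Microsoft's Fix It or any code from the advisory. It assumes the standard per-user zone registry keys (zone 1 is local intranet, zone 3 is Internet) and URL action 1400 for Active Scripting; the script's parameter names are made up for illustration.

```powershell
# Added example: audit, and with -Apply harden, Active Scripting in the
# Internet and local intranet zones for the current user.
# Assumption: settings live in the per-user zone keys; a Group Policy
# setting, if present, takes precedence and is not inspected here.
param(
    [switch]$Apply,                                        # hypothetical switch: write the setting
    [ValidateSet('Prompt', 'Disable')][string]$Mode = 'Disable'
)

$base   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones  = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$action = '1400'                                           # Active Scripting URL action
$names  = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }   # URL policy values
$target = if ($Mode -eq 'Prompt') { 1 } else { 3 }

foreach ($id in ($zones.Keys | Sort-Object)) {
    $key = Join-Path $base ([string]$id)

    if ($Apply) {
        # Create the zone key if the profile has never customised it.
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name $action -Value $target -Type DWord
    }

    # A missing value means the zone falls back to its template default.
    $props   = Get-ItemProperty -Path $key -Name $action -ErrorAction SilentlyContinue
    $current = if ($props) { $props.$action } else { $null }

    $label = if ($null -eq $current) { 'Not set (zone default)' }
             elseif ($names.ContainsKey([int]$current)) { $names[[int]$current] }
             else { "Unknown ($current)" }

    [pscustomobject]@{
        Zone            = $zones[$id]
        ActiveScripting = $label
        # Hardened means the page's advice is met: prompt or disable.
        Hardened        = ($current -eq 1 -or $current -eq 3)
    }
}
```

Run without arguments, it only reports the current state; a zone that shows `Enable` or `Not set (zone default)` has not been hardened as described above.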
The best measure, of course, is to upgrade to Internet Explorer 9 or 10, or consider switching to Google Chrome or Mozilla Firefox.
Around the same time last year, Microsoft also discovered a flaw in its ASP.NET web framework that allowed attackers to take down servers. A patch was issued to fix the bug a day later.