Monday

IE 8 Zero-Day Watering Hole Vulnerability

If that headline sounds like gobbledegook to you, let me take a moment to do some 'splainin'

IE 8 refers to the Internet Explorer 8 web browser for Windows - the latest version of that browser you can run on Windows XP. Windows 7 and Windows 8 users can now run Internet Explorer 10, which is not affected by this current security issue - in fact, only IE 8 is affected at this time. You can determine which version of IE you have by looking at the "Help->About" menu item. 

A Zero Day vulnerability indicates a security problem that "got out" in the wild before any response from the manufacturer was forthcoming (Microsoft had zero days to respond). The Watering Hole part indicates that the exploit was targeted at sites typically frequented by a specific type of user, or a specific industry - in this case, government and defense sites. Of course, it's possible/likely that this will spread to "regular" websites too. 

What to do? Well, if you have Windows XP, you are stuck with IE 8 and will need to wait until Microsoft issues a fix for this. Patch Tuesday in coming up on May 14th, but it's unclear yet if a fix will be available by then - it may be released after that date as a emergency "out of band" patch. You can mitigate things by installing and using a different browser meantime, such as Chrome of Firefox. Internet Explorer can't truly be uninstalled from Windows XP, so you will still be potentially somewhat vulnerable until it's patched.

No comments :