Over the weekend, Microsoft revealed that there is a newly discovered security flaw in Internet Explorer that hackers are exploiting. It is called a “zero day” exploit because there was zero time between the discovery of the flaw and the first known exploits by hackers.
The flaw affects nearly half of all browsers used for accessing the web. Although the affected browsers include Internet Explorer versions 6 through 11, the primary targets, according to FireEye, the security firm that discovered the exploit, are versions 9 through 11.
Microsoft is investigating the flaw and has not yet issued a security patch. As a result, the United States Computer Emergency Readiness Team (US-CERT), which is part of the U.S. Department of Homeland Security, has recommended that users either:
1) follow workarounds listed by Microsoft in a security advisory or
2) stop using Internet Explorer altogether until a patch is made available.
For those still using Windows XP, no patch will be made available because Microsoft ended support for XP on April 8, 2014. If you use Windows XP, US-CERT advises using another web browser.
Please contact us with any questions regarding this security issue.
Amended 5/1/2014 to include Microsoft's Official Response & 5/1 Update.