Internet Explorer has never had a good reputation, and now it gives users another reason not to use it.
A security firm has revealed a zero-day bug in the browser, and an advanced persistent threat group is currently exploiting it to deliver a piece of malware to Windows PCs.
How The Vulnerability Attacks Computers
According to Qihoo 360's Core security unit, the group is targeting users with a malicious Microsoft Office document containing what the researchers call a "double-kill" vulnerability.
The malware doesn't automatically download to the computer. Users must be on IE and they must open the infected file, which then launches a malicious webpage. The malware then uses a User Account Control bypass and file steganography, which is the embedding of a file, a message, or an image within another.
According to the antivirus software company, the vulnerability works on a global scale. It affects the latest Internet Explorer versions and the applications that use it.
How To Avoid Getting Infected
Microsoft already has Edge as its new browser, but Internet Explorer still comes preinstalled on Windows PCs, mainly due to the legacy applications that many companies still use. This leaves corporations open to such an attack, especially if their employees are unfamiliar with the dos and don'ts of the internet.
For instance, users must always be wary of opening any file, especially if it is from an unverified source. Doing just this one thing would already keep them and their computers safe from the zero-day vulnerability.
Other security precautions they can take include keeping their operating system and software updated and installing good malware protection software. Users must also avoid Internet Explorer at all times unless it's absolutely needed.
Microsoft Has Yet To Acknowledge The IE Bug
A fix for the zero-day bug in the browser is still nowhere to be seen. Microsoft has yet to release a patch to fix the flaw. ZDNet has reached out to Microsoft for a comment, but the company did not speak about the bug.
"Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible," a Microsoft representative told the publication. "Our standard policy is to provide remediation via our current Update Tuesday schedule."
Microsoft further urged its users to switch to Microsoft Edge and Windows 10 for their "best protection."