Microsoft has released YAIESA, or Yet Another Internet Explorer Security Advisory if you prefer. This time, SA2757760 warns about a new zero-day out there in the wild which impacts all users of Internet Explorer 9 and earlier versions. It's the usual case of targeted attacks being spotted which could lead to the remote execution of malicious code if you happen to view an infected website.

Although users of Internet Explorer 10 are not affected according to Microsoft, which accounts for a tiny minority of IE users of course, this does amount to what I see as the final nail being hammered into what has already become quite a creaky web browser client coffin of late; and here's why.

Microsoft has issued a number of 'workarounds and mitigations' that can be deployed to protect users. There's the 'Enhanced Mitigation Experience Toolkit (EMET)' for starters. Or a temporary patch, to you and me, which requires a fair bit of configuration fiddling to be of any use. Fiddling such as, and I hope you are sitting down with a cup of tea and some time to spare, the following:

Changing your Internet and local intranet security zones to the high setting in order to block ActiveX Controls and Active Scripting, which Microsoft admits will hit you in the usability stakes so further recommends you add trusted sites to your trusted sites zone. Quite how you are expected to know what sites can be trusted not to have been infected by the zero-day exploit is, frankly, beyond me. Microsoft hasn't finished yet though, also recommending that users of Internet Explorer should configure it to prompt before running Active Scripting (or even disable Active Scripting in the aforementioned zones) which, it adds, will once again disrupt your use of sites that are not in the trusted zone. Deploying the Enhanced Mitigation Experience Toolkit (EMET) is also recommended, but tough luck if you do not speak English as it's only available in that language.
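The zone changes described above end up as per-zone registry values, so whether they have actually been applied can be checked rather than assumed. The read-only PowerShell audit below is an added example, not part of Microsoft's advisory or of the original article; it assumes per-user settings under HKCU (with the HKCU policy key taking precedence) and relies on the standard IE URL-action IDs 1200 and 1400, none of which appear in the article itself.

```powershell
# Added example: read-only audit of the IE zone settings the workarounds change.
# Assumption: per-user settings in HKCU, with the HKCU policy key taking precedence.
$roots = @(
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
)
$zones   = @{ 1 = 'Local intranet'; 3 = 'Internet' }          # zone numbers used by IE
$actions = @{ '1200' = 'Run ActiveX controls and plug-ins'; '1400' = 'Active Scripting' }
$states  = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }
$HighLevel = 0x12000   # CurrentLevel value for the "High" security template

function Get-ZoneValue {
    param([int]$Zone, [string]$Name)
    # Return the first value found, policy key first; $null if neither key has it.
    foreach ($root in $roots) {
        $item = Get-ItemProperty -Path "$root\$Zone" -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { return $item.$Name }
    }
    return $null
}

$report = foreach ($zone in ($zones.Keys | Sort-Object)) {
    $level = Get-ZoneValue -Zone $zone -Name 'CurrentLevel'
    foreach ($id in ($actions.Keys | Sort-Object)) {
        $value = Get-ZoneValue -Zone $zone -Name $id
        if ($null -eq $value) { $text = 'Not set' }
        elseif ($states.ContainsKey([int]$value)) { $text = $states[[int]$value] }
        else { $text = '0x{0:X}' -f $value }   # any other setting, shown raw
        New-Object PSObject -Property @{
            Zone       = $zones[$zone]
            ZoneIsHigh = ($level -eq $HighLevel)
            Action     = $actions[$id]
            Setting    = $text
            Restricted = ((1, 3) -contains $value)   # prompt or disabled
        }
    }
}
$report | Format-Table Zone, ZoneIsHigh, Action, Setting, Restricted -AutoSize
```

A row with `Restricted` false for Active Scripting in the Internet zone means that workaround is not in effect for the current user.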

I have some different advice which is a lot simpler, and guaranteed to be effective against this particularly serious zero-day threat: stop using Internet Explorer and switch to Chrome, Firefox or Safari instead.

About the Author

A freelance technology journalist for 30 years, I have been a Contributing Editor at PC Pro (one of the best selling computer magazines in the UK) for most of them. As well as currently contributing to Forbes.com, The Times and Sunday Times via Raconteur Special Reports, SC Magazine UK, Digital Health, IT Pro and Infosecurity Magazine, I am also something of a prolific author. My last book, Being Virtual: Who You Really are Online, was published in 2008 as part of the Science Museum TechKnow Series by John Wiley & Sons. I am also the only three times winner (2006, 2008, 2010) of the BT Information Security Journalist of the Year title, and was humbled to be presented with the ‘Enigma Award’ for a ‘lifetime contribution to information security journalism’ in 2011 despite my life being far from over...

Just back in May they discovered 16 zero days in Chrome, so how is it safer?

Member 120589

Chrome's 16 zero days were patched within 24 hours AFAIK. I didn't have to do anything. Safer? Probably not at the time of testing. After? How many IE users out there have gone through the steps mentioned above? I don't know, just curious.

Despite the safety aspect, why the hell anybody would be using IE out of choice is beyond me. My school has just moved over to Chrome from IE - years too late IMO. Dominoes fall, dominoes fall...

happygeek commented: true dat :) +11

run microsoft windows malicious software tool... took off a trojan from my ie and it started working !!

I have no idea why people use IE in any case. Always use Firefox or Opera

Malicious software removal tool is almost as pathetic as IE is. Also doesn't it seem odd that this thing seems to always happen just when Microsoft is trotting out a new version of IE? IMHO they could really care less about producing a browser that is secure. It seems to be about being "shiny and bright". Whatever happened to a browser being just plain FUNCTIONAL? To hell with all the bells and whistles and "Decision Engines" and Google trying to play Big Brother with their tracking everybody and everything.

any remedy

any remedy to problem with download manager