Internet Explorer has a severe security bug

On April 26 Microsoft announced that a new vulnerability in Internet Explorer could allow remote code execution.  A patch (KB2964358) will soon be released for all Microsoft Operating Systems still in support, which excludes Windows XP and the even older Windows 2000.

What is remote code execution?

A remote code execution vulnerability is essentially the most severe type of security defect, as it allows unauthorised access to your computer via a network such as the Internet.  It provides the ability to run any application remotely, without authorisation, which can often lead to a hacker having complete control of your computer.

What does this all mean?

If you are running Windows Vista, Windows 7 or Windows 8, you will receive the patch to Internet Explorer via the standard Windows automatic update process.

If you are running Windows XP, Windows 2000 or even older versions of Windows, there will be no patch made available from Microsoft.

If you really need to continue using Windows XP or older versions, you should no longer use Internet Explorer.  However, you could still be vulnerable to attacks via email clients such as Outlook.

On unpatched computers, email can be used as an attack vector by inviting the user to click on a link to a web site which contains the malicious code that targets this vulnerability.

What should I do pending the release of the patch for supported Operating Systems?

Firstly, try to avoid using Internet Explorer on the Internet.

I recommend that you use a different web browser such as Firefox or Chrome.  You should also make that browser your default browser.  That way, if you open a link from email, it will not open in the vulnerable Internet Explorer.

You should also check that you have all of the current Microsoft updates installed.  You can check this by opening Control Panel, searching for 'update' and then clicking on Windows Update.  If there are any important updates listed, you should install these now and reboot if requested.

Once Microsoft releases the patch (KB2964358), it will be made available via Windows Update in the normal manner.  I will also update this blog to let you know when this has occurred.

Finally, if you really need to run Internet Explorer on an unpatched computer, you can follow Microsoft's suggested actions on this Security Advisory page and on this TechNet blog.

Update (2 May) - Patch Released

Microsoft has just released a patch (KB2964358) for this severe security defect which should be applied as soon as possible.  From Control Panel, search for Windows Update and then apply the patch.  You will need to reboot your PC to apply the patch.
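The two checks recommended in this post (the patch is installed, and links from email do not open in Internet Explorer) can also be run from a PowerShell prompt. This is an added example, not part of the original post or Microsoft's guidance; the function names are hypothetical, and it assumes Windows Vista or later with PowerShell 2.0 or newer.

```powershell
# Added example: verify the patch and default-browser advice from this post.
$PatchId = 'KB2964358'   # patch number as given in the post

function Test-PatchInstalled {
    param([string]$HotFixId)
    # Get-HotFix lists installed updates; it raises an error when the id
    # is not present, so the error is suppressed and treated as "not found".
    $fix = Get-HotFix -Id $HotFixId -ErrorAction SilentlyContinue
    return [bool]$fix
}

function Get-HttpLinkHandler {
    # Per-user handler chosen for http links. The key is absent when the
    # user has never picked a default browser.
    $key = 'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice'
    $choice = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($choice) { return $choice.ProgId }
    return $null
}

if (Test-PatchInstalled -HotFixId $PatchId) {
    Write-Output "$PatchId is installed."
} else {
    # A later cumulative Internet Explorer update can replace this entry,
    # so "not found" means "check Windows Update", not proof of exposure.
    Write-Output "$PatchId not found. Open Windows Update and install important updates."
}

$handler = Get-HttpLinkHandler
if (-not $handler) {
    Write-Output 'No default browser has been chosen for this user; web links usually open in Internet Explorer.'
} elseif ($handler -like 'IE.*') {
    # Internet Explorer registers itself under ProgIds such as IE.HTTP.
    Write-Output "Web links open in Internet Explorer ($handler). Set another browser as default."
} else {
    Write-Output "Web links open with: $handler"
}
```

Run it once per user account, because the default-browser setting is stored per user while the patch is installed for the whole computer.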