Microsoft would love it if you used Internet Explorer 9, or IE10 on Windows 8. That’s not going to happen, however, as many users are still on Windows XP where Internet Explorer 8 reigns supreme. Those users are now under attack as a zero-day exploit has been found.
The security researchers at FireEye discovered a zero-day exploit in Internet Explorer 6, 7 and 8 in late December that allows malware to be installed on PCs running these older versions of Microsoft’s browsers. Microsoft is now working on a comprehensive fix, but has pushed out a small emergency fix for the time being. It’s highly recommended that you download the fix until Microsoft can finish its current investigation.
Thankfully, the exploit doesn’t appear to be that widespread. Only a small number of sites have been found to be hosting the exploit, and a fix is already present. Of course, Microsoft’s investigation may show that the exploit has been around much longer than anybody previously thought. A report out of Sophos indicates that the exploit may have been in place as early as December 7. Thus, the exploit could have been infecting computers for almost a month without anybody’s knowledge.
Even with the emergency fix, it’s recommend that you upgrade to Internet Explorer 9 if you can. If you’re on Windows XP and can’t, you can always take Twitter’s advice and switch to another browser. Microsoft even makes it easy for you with the European Browser Choice site. Opera, Chrome and Firefox are all presumably immune to the IE8 exploit and you’ll probably have a better browsing experience anyway.
[h/t: The Register]