The digital security blog Security Street warns about a critical zero-day exploit in the older versions of Internet Explorer. The alleged numbers of users at risk are overwhelming: if Security Street is to be believed, 41% of the U.S. users and 32% of the global users can fall victim of Internet criminals.
Let's assume (don't worry, just for a sec) that you're using Internet Explorer. Not the new one, version 10, but rather the good old Internet Explorer, all the way down to version 7. So, imagine you e-mail, browse SI, pay for your purchases on Amazon and Ebay, and socialize on Facebook, Google+ (why not?) or whatnot through Internet Explorer, versions 7 to 9. Then I have very bad news for you: malicious Internet attackers out there can be already prowling for a fat prey, and woe to you if they think you to have enough meat on your bones. A critical IE vulnerability allows them to get the same privileges on your computer as you... and I hope you realize they'll make the most of those.
The prerequisites of a successful attack are not that numerous:
1. You computer should run on Windows XP, Vista, or 7.
2. You should be using IE as your browser of choice.
3. You should visit a malicious website (most of the time some unobtrusive booby trap).
That's as easy as it gets. It doesn't really take you much to get in trouble. Even worse, no vulnerability patches have been released so far by Microsoft. In other words, there are not really that many ways to stop the criminals from pitching a camp on your hard drives apart from migrating to another browser, like Google Chrome or Firefox. The gravity of the problem seems to have reached a dramatic scale as the fact that the German Federal Office for Security in Information Technology recommended temporarily changing to another web browser.
However, it would be wrong to say Redmond doesn't give any signs of life: the company released a 'transitional solution' that is supposed to help you win time before the flaw is fixed. You can download it here.
But honestly, do you need all that trouble if you can just easily get a new browser?
The Alternative Browsers
Update: Microsoft has released a new security update for IE that is supposed to have done away with the vulnerability.