Updated 09/13/2021 – Since this vulnerability was disclosed last week, security researchers have seen exploits in the wild and found the flaw is more dangerous than originally thought. Keep reading to find out how to stay protected.
There are plenty of internet browsers to choose from, all with varying degrees of online safety. Tap or click here for our rankings of best browsers for privacy. But if there has ever been a reason to move away from Microsoft’s antiquated Internet Explorer (IE), the new vulnerability is it.
If for whatever reason, you have refused to move over to Microsoft’s Edge browser or Google’s Chrome, you are at risk of being hacked. Looking at IE, security researchers discovered a vulnerability that can give hackers full control of your machine.
To make matters worse, the detected exploit has been designated as a zero-day flaw, and there’s no available patch. Keep reading to find out how dangerous this flaw really is.
Here’s the backstory
This threat relies on you making a choice, typically through phishing emails. Hackers embed malicious ActiveX control into a Microsoft Office document and send it through email, urging you to open it.
Once you do, the malicious ActiveX control is triggered through Internet Explorer. The browser’s Trident engine is used to display internet-based content in Office documents.
Tracked as CVE-2021-40444, a remote code execution vulnerability can be used for all sorts of malicious activity. This includes reading files and folders, taking full control of the machine or creating new administrator profiles.
It has become customary for Microsoft not to reveal the flaw’s nature or effects. This closes the window of opportunity for hackers, reducing the chances of the flaw being exploited.
How to stay safe on Windows
It is always a good idea to keep your system updated to the latest version. Microsoft advises that users make sure their Microsoft Defender Antivirus and Microsoft Defender for Endpoint are updated to protect against this threat.
The built-in security program comes standard with Windows and “provides detection and protection for the known vulnerability.” In addition to that, users should also update their third-party antivirus software. We recommend our sponsor, TotalAV.
With TotalAV, you get so much more than antivirus protection. It’s the full package: A security suite that protects your computer and smartphone from today’s threats.
Get the Best Security Suite for 2021 and save an exclusive 80% at TotalAV.com/Kim. That’s just $19 for an entire year of protection.
In the meantime, Microsoft is hastily working on an official patch. The company said it could be rolled out with the upcoming Patch Tuesday update or as an out-of-cycle security update.