‘Critical’ IE flaw fixed as users ponder switch to Edge
Microsoft has released an emergency security patch for Internet Explorer to fix a ‘critical’ flaw.
It arrived in mid-august outside of the company’s normal Patch Tuesday schedule, which is the second Tuesday of every month.
The update, called CVE-2015-2502, fixes a vulnerability that allows hackers to perform remote code execution, letting them take over a victim’s PC if they visit boobytrapped websites containing malware.
In its Security Bulletin ( www.snipca.com/17706) Microsoft said a hacker could then “install programs; view, change, or delete data; or create new accounts with full user rights”.
The flaw exists in IE7 through to IE11, the latest and final version of the veteran browser. You can find out which version of IE you’re using at www.snipca. com/17707.
It affects IE on computers running Windows Vista, 7, 8 and 10, even though the default browser on the last of these is Microsoft Edge, which is not at risk.
The update will be applied automatically in Windows 10, as it will in Windows 7 and 8 if you have ‘automatic updating’ switched on. To check, follow Microsoft’s instructions at www.snipca. com/17709.
The update is the latest of a series of patches for Internet Explorer this year, the biggest of which came in February when 41 flaws were fixed (see Protect Your Tech, Issue 444).
While Microsoft will continue to provide security fixes for IE11 until 2023, when support for Windows 8.1 ends, it will hope that the majority of users will switch to Edge within the next year.