IE9 & IE10 Vulnerability Exposing Website Login Credentials

An as-of-yet un-patched IE vulnerability is being exploited in the wild by criminals.  Reports are that it is a fast growing,  widely exploited attack that has increased in distribution dramatically over the past few days.  At risk are those running Windows 7 or Windows 8.x that use Internet Explorer version 9 or 10.  Criminals are using phishing attacks and or hacking and infecting high-profile/high-volume websites with the code necessary to inject instructions into the browsers rendering engine.   That injected code then grants them access to login credentials used during the current browsing session.  This of course exposes credentials used for all sorts of sites including banking and finance.  A general fix release has not yet been made available via Windows Update,  but Microsoft has released a fix-it-tool as a temporary work around.

Our suggestion is to switch to Firefox or Chrome if at all possible,  and at a minimum install the temporary patch from Microsoft (included in the links below).

Microsoft Patch : https://support.microsoft.com/kb/2934088#FixItForMe

Alternate Browser Download link Links:
     Chrome : https://www.google.com/intl/en/chrome/
     FireFox : https://www.mozilla.org/en-US/firefox/all/

Further Reading:
    http://technet.microsoft.com/en-us/security/advisory/2934088
    Computer World Article
    http://www.itworld.com/security/406979/ie-zero-day-exploit-being-used-widespread-attacks
   

Leave a Reply