With the arrival of Windows 10 in 2015, Microsoft replaced its seemingly perennial Internet Explorer browser with Edge, the latter of which came with a new look, new features and purportedly tighter security. However, Internet Explorer remained in the background, still in use for certain functions where it couldn't cause many problems.
For Windows 7, Vista and XP, however, Internet Explorer is more visible. So when a serious security flaw is found in this browser, the potential damage can still be bad enough for Microsoft to produce another patch, despite Internet Explorer being effectively discontinued with the arrival of Windows 10.
With that in mind, today's Internet Explorer vulnerability notice does not come as a shock. Identified as CVE-2018-8653, the issue is remote code execution, which is one of the worst kinds of security holes. With this type, a hacker somewhere on the internet can remotely access your computer and execute commands that would ordinarily be restricted to a local user.
The Workarounds section of the report details the steps that you need to take to deal with the flaw, which involve opening an administrative command prompt. To do so, tap the Windows key on your keyboard to open the Start menu, type cmd, right-click the search result, and select Run as Administrator.
The report says that a hacker exploiting this security flaw "could execute arbitrary code in the context of the current user." That could mean opening your apps, accessing documents and copying or deleting your files.
If the user had administrative rights -- which is the default for the retail version of Windows -- that could give the hacker complete access to the system to do things like download and install any program they wanted, which could then be used to perform even more nefarious actions.
FOLLOW Download.com on Twitter for all the latest app news.
In the case of CVE-2018-8653, one possible path was through a hypothetical website that the victim would be tricked into viewing within Internet Explorer. Accessing this site would let the hacker into your system.
If you're still using Internet Explorer for anything, it's high time to switch. Microsoft Edge is an improvement in pretty much every way, and it's pre-installed. However, it's currently limited to Windows 10. Users of Windows 7 or 8 may want to try Mozilla Firefox or Google Chrome instead.
Microsoft recently announced that Edge will soon be switching to use much of the same programming code as Chrome, and Edge will come to older versions of Windows as a result, plus MacOS. The Android version of Edge already uses Chrome behind the scenes, and the iOS version uses Safari underpinnings, per Apple's security requirements on that platform.
Microsoft's newer browser has struggled to gain market share after a launch in which it lacked support for add-ons like password managers and ad blockers. So it may be more cost-effective for the company to let Google do most of the browser work while it devotes resources to products with a better return on investment.
- Microsoft has announced that Internet Explorer has another remote code execution vulnerability, which you can work around using a few commands in an administrative command prompt.
- The most effective solution in the long term is to stop using Internet Explorer and to switch to newer browsers such as Microsoft Edge, Mozilla Firefox or Google Chrome.
- Security expert explains how advertisers use web browsers to spy on you
- How to beef up your Chrome and Firefox security in 2018
- Stylish plug-in yanked from Chrome and Firefox for logging users' browser history
- Safari tests USB security key support to help fix our password problems (CNET)
- Google working on blocking Back button hijacking in Chrome (ZDNet)
- Google, Mozilla working on letting web apps edit files despite warning it could be 'abused in terrible ways' (TechRepublic)