It has always been a cat and mouse chase for software developers to make their software secure. However, they eventually find flaws and dash to patch them up as issues come along. The worst kinds are called “zero-day bugs”. These are the undiscovered flaws that hackers have already been actively exploiting.
This time, Microsoft has just found one that is currently affecting Windows-based machines and they have done something about it.
Internet Explorer has this flaw named CVE-2018-8653 which could allow an attacker to remotely take control of a Windows machine by simply making a victim visit a poisoned website.
So what happens next you ask? If you visit the site, it could probably allow an attacker to remotely take control of the machine and run a malicious code, install programs, steal data and even create new users with administrator rights. The most annoying part is, hackers have already been exploiting this flaw.
Google has reported this zero-day flaw to Microsoft. This affects virtually all versions of Internet Explorer 11 starting from Windows 7 up to Windows 10, Windows server 2012, 2016 and 2019.
If you are still using Internet Explorer, this would be a good time to grab this patch and run it on your computer.
Most Windows-based machines are set to download and install updates automatically by default. However some users chose to disable automatic updates. If you did not make any changes to your automatic update settings, you should be fine. If you are not sure, here is how you can check. Sample screenshot is from Windows 10.
You can click on Start (Windows Logo), choose “Settings” and on the “Windows Update” section, select “Check for Updates”.