If you typically run Microsoft Internet Explorer (on Windows 7 and Windows 8.1), Newmind strongly urges you to stop and find an alternative browser—at least for the time being! If you must use IE for certain banking or business related sites, then consider using a 2nd browser for everything else.
A new weakness has been discovered in Internet Explorer (even versions that are fully patched and up-to-date), allowing predators to extract login information, and direct users towards harmful content during their browsing session. Microsoft is currently working on a fix for this issue, and we’ll be updating this post as soon as that fix is live, so be sure to check back!
If you’d prefer to be notified immediately, join our email notification list.
Universal Cross-Site Scripting (XSS) bug
The bug has given predators the ability to skip a process that would usually prevent one site from accessing or altering browser cookies (or other content) in place from another site. Long story short, it’s stealing data from the cookies that websites leave in your IE browser.
This would enable attackers to easily hold onto authentication cookies (left after you’ve entered your username and password on a site), and use them to access user data that’s normally protected by a login—data like browsing history, banking info, and more. A more detailed description can be found on Arstechnica.
This statement was given by a representative of Microsoft:
“We are not aware of this vulnerability being actively exploited and are working on a security update. To exploit this, an adversary would first need to lure the user to a malicious website, often through phishing. SmartScreen, which is on by default in newer versions of Internet Explorer, helps protect against phishing websites.
We continue to encourage customers to avoid opening links from untrusted sources and visiting untrusted sites, and to log out when leaving sites to help protect their information.”
I’m an Internet Explorer user… Now what?
While we encourage you to take the measures outlined by Microsoft above, we put together some tips for moving forward while things get sorted out!
Newmind will keep our ear to the ground and update this post as soon as a fix becomes available for the public.