US Warns Internet Explorer Users of Zero-day Threat; How Bad is the Bug?

The US government has released an advisory against one of the most famous web browsers known to mankind.

"Today, the U.S. government issued an advisory warning people not to use Microsoft's browser," reports Venture Beat. According to the report, the advisory was issued after Microsoft announced that there is a "vulnerability" in Internet Explorer.

"The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website," the Windows-maker explained.

In short, a hacker who has exploited the vulnerability, referred to as zero-day exploit by CNet, may be able to do anything that the user is able to do. Microsoft says that if ever a user who is logged on with administrative rights on a device has been attacked, the said hacker will be able to take full control of the system. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," Microsoft adds.

The tech company suggests that users who still desire to surf the web despite Internet Explorer's vulnerability apply workarounds to "help block known attack vectors before a security update is available."

Microsoft's suggested workarounds include deploying the Enhanced Mitigation Experience Toolkit 4.1, setting Internet and Local intranet security zone settings to "High," setting Active Scripting to prompt before running or to disable Active Scripting in the Internet and Local intranet security zone, unregistering VGX.DLL, modifying the Access Control List on VGX.DLL to be more restrictive, enabling Enhanced Protected Mode for Internet Explorer 11 and enabling 64-bit Processes for Enhanced Protected Mode.