New Internet Explorer Vulnerability Sparks Warnings, Spotlights End User Security Risks

If you use IE 6-9 on either XP, Vista, or Windows 7, your computer may be at risk, thanks to a zero-day vulnerability discovered earlier this week.

According to Marc Maiffret, CTO of BeyondTrust, the exploit allows an attacker to essentially compromise and run code on your computer under the same context of the user of the computer itself. This means that an attacker can access a victims files or even completely backdoor the system for complete access.

"This vulnerability is related to the Java exploit from a few weeks ago because the original researcher whom discovered this vulnerability actually found it on one of the attacker servers used in the Java zero-day attacks," Maiffret said in an email. "It looks like the same attackers behind the Java attacks were a bit sloppy in leaving this zeroday exposed on their server for someone to find."

The word of the vulnerability comes at the same time the new IE-based web client for Microsoft Dynamics GP is being tested in beta. In addition, NAV 2013 will be supported by IE9. But Maiffret said he doesn't think this particular vulnerability will have much impact on the new releases. Instead, he said, it is important to know how dependent the software is on the IE browser. It is always best to have a back-up plan if another flaw is found in IE and you have to consider another browser in order to keep data safe.

The new vulnerability has caused enough concern that German officials warned the country's citizens to stop using IE all together and move to another browser. It was a move that the vast majority of security ...