Today’s cyberattacks aren’t the smash-and-grab tactics used in the past. Attackers are increasingly focused on acting on good intelligence for well-planned attacks – and Microsoft’s Internet Explorer (IE) is a favorite tool.
Because IE is so closely tied to the underlying operating system for most computers, Windows, hackers use it to gather information on:
- the operating system being used
- what antivirus is running on the system, and
- third-party software or plug-ins that are running that could also be vulnerable.
Other Internet Explorer news
While the browser could be used to peek in on systems, there’s no shortage of potential vulnerabilities in IE itself. Take for instance, recent revelations from French security firm VUPEN.
The organization recently announced that it had reported a flaw in Internet Explorer to Microsoft in March of this year. The privilege escalation flaw was patched in June.
The catch: VUPEN knew about the flaw, which affected IE 8-11, since February of 2012. Like other firms, it kept the zero-day quiet, selling it only to the highest bidder.
One can only hope that’s other security professionals, not deep-pocketed hackers.
No browser is 100% safe
All this isn’t to say that Microsoft’s Internet Explorer can’t be trusted. It’s still a favorite among users, and is likely to remain so as long as it comes bundled on PCs (read: forever).
But safe browsing does depend in some measure on which browser you’re using.
Chrome could help prevent some snooping attacks, as it was designed separately from the Windows operating system. That’s not to say it’s not without flaws, however. Still, among browsers, it and Firefox are best at getting users on the most recent version quickly.
Whichever browser your users are on, however, make sure it’s kept up-to-date.
Patches are released all the time. If users have them, they’re likely to be protected against most known threats. If they’re not, hackers will use those patches to see where vulnerabilities are in out-of-date systems.