Microsoft Windows users take note

There’s a new exploit making the rounds that allows hackers to access your PC and steal personal data.

Its vector is Internet Explorer (“IE”), including the copy of IE bundled inside every Windows 10 setup!

Even if you never use IE, never click on it, or never call it up in any way, it’s there, and this new exploit can make use of it.

In fact, if you use any version of Windows, you almost surely have IE on your PC.

For details, Forbes has a good writeup here: “Warning: Internet Explorer Just Became A Silent But Serious Threat To Every Windows User

Microsoft says they’ll eventually fix it, but not soon. (Hmmmm.)

Meanwhile, you can (and probably should) disable IE on your PCs now.

Microsoft’s instructions: How to disable Internet Explorer on Windows

Permalink: https://langa.com/?p=2632

[seperator]

COMMENT / QUESTION on THIS ITEM? See the Comment box at bottom of this page!

NEW QUESTION?
Ask here!

(Want free notification of new content? Click here!)

1 Reply to “Microsoft Windows users take note”

  1. There are a number of Windows applications (too many to list) that use Internet Explorer indirectly, as a browser component.

    Disabling Internet Explorer, using the instructions you linked to, will only disable the user application called Internet Explorer and won’t disable the IE components used by other apps. So, essentially, following those instructions is about as useful against this exploit as deleting the IE shortcut from your desktop, as long as you have and keep using applications that contain IE based browser objects.

    And it’s the 3rd party dependence on these browser objects that is the only reason why IE continues to be included with the latest version of Windows. Microsoft has moved their focus to Edge, and would love nothing better than to rip IE out of their OS, except too many other 3rd party applications would then stop working, too.

    And the use of these IE components in a 3rd party app that you use, might not be that obvious.. It could be something as small and simple as a tiny little stripe that provides news about updates being available. Under normal circumstances it might appear as nothing is there, then suddenly a clickable link appears, when it’s time to update, because the page the app is set to load in that small, seemingly invisible browser object, suddenly has content on it.

    This is the easiest form of “automatic update checking” that a developer can add to their app, requiring them only to stick a blank html page on their server and set the app to load it, with a unique page URL for every version. Then they only have to add a single line of basic html content when they want users of that version to upgrade or update. As long as there is no content to display, the little stripe of a browser will remain blank and invisible to the user, but it’s still loading the blank page from the developer’s server.

Comment? Question? Reply...?