The Redmond Giant has issued a critical security advisory in the interest of Internet Explorer users. Reports are in that, a security vulnerability in all supported versions of IE has been let loose.
What is the Vulnerability?
In its official security advisory, Microsoft has reported the vulnerability to be a remote code execution (RCE) vulnerability. This security flaw has been labelled as “CVE-2013-3893”. Given the fact that, this vulnerability has no available patches at the moment, it is a zero-day security flaw.
Note: A zero-day security flaw is one that gets exploited by hackers before any security patches are released to fix it.
What are the affected Versions of IE?
Internet Explorer 6, 7, 8, 9, 10 and 11 are the affected versions.
According to the company, incidents of malwares exploiting the vulnerability in IE 8 and IE 9 have already been reported. Users must understand that, this does not imply that the other IE versions are any safer.
Is there any Fix?
Although Microsoft has not released any security patch, it has released a temporary Fix it solution called “CVE-2013-3893 MSHTML Shim Workaround”. As the name suggests, this solution is only a workaround (temporary patch), and is not a cure for the underlying problem. Until an official security patch is released, this workaround will help prevent attackers from exploiting the vulnerability in the affected versions of IE.
Follow this link to apply the Fix it patch.
Note:
The Fix it patch only applies to 32-bit versions of IE. For those using 64-bit IE, they would have to wait until Microsoft releases an appropriate software update. In the meantime, they are advised to use browsers other than IE.
Users of 64-bit IE can also install Microsoft’s Enhanced Mitigation Experience Toolkit. This toolkit can be used to tweak Windows security technologies, and reduce the risk of attacks. However, PC novices may find it difficult working with this toolkit. Even users who are tech-savvy are recommended to follow the User’s Guide before putting this toolkit into use.
Thus, most experts have recommended that users are better off surfing the Internet with an alternative browser, until a permanent patch for the vulnerability comes in.
How does an Attacker use the Vulnerability?
As mentioned, this vulnerability can allow an attacker to gain remote access of the victim’s computer. How damaging this remote code execution can be, depends on the user rights the user is logged on with. For instance, if the victim is logged on as an administrator, then the attacker can gain the same user rights can get complete control of the system.
How is the IE Vulnerability Exploited?
The IE vulnerability can be exploited only with the help of malicious websites designed by the attacker. And for this, the attacker must trick or convince the victim to visit the site. For this, the attacker may send the victim an email containing a link to the website, or an email attachment that redirects the user to the website. In some cases, websites that allow users to add content, are also used by hackers to exploit the vulnerability.
Note: Microsoft has announced that, its server platforms are not susceptible to this vulnerability. By default, Internet Explorer on Windows Server platforms runs on restricted mode. This mode prevents a normal user and even an administrator from downloading malicious websites that are capable of exploiting the vulnerability.
Recommended Measures
We recommend users to consider taking the following measures, to cut the risk of the CVE-2013-3893 vulnerability:
For a more detailed report on the IE vulnerability, you can read this official security advisory, released by Microsoft. We will keep our readers updated about any further developments on this matter. Let’s hope Microsoft does not take too long before releasing a complete fix.
31 Comments
I am having quick heal total security installed, but I am unable to open QUICK HEAL SECURE Browser, as whenever I try to open QH secure browser, the message comes – Unable to open QH browser as it only supports IE,Chrome or Mozilla. My default browser is IE 8.
Hi Himanshu,
Kindly contact our support team at 0-927-22-33-000.
You can also raise a query at https://www.quickheal.com/submitticket.asp. Our support team will get back to you to resolve the issue you are facing.
We would also like to advise you to surf the Internet using Chrome, Mozilla, Safari, etc., instead of IE.
Regards,
It’s nice
The Microsoft Fix it patch is only for Internet Explorer 32-bit versions. What about 64-bit versions?
Hi Mark,
Kindly find the answer to your query in the post.
Regards,
its nice
virus protection not work properly.
Hi Ashu,
Kindly contact our support team at 0-927-22-33-000.
You can also raise a query at https://www.quickheal.com/submitticket.asp. Our support team will get back to you to resolve the issue you are facing.
We would also like to advise you to surf the Internet using Chrome, Mozilla, Safari, etc., instead of IE.
Regards,
It is quite informative and important
its supar sarvice
i have re-intall my coumputer after the crashed that is the reason why i have intalled again QIS Total SECURITY
It is quite informative and important. I am using this quick heal total security .And it scan viruses very quick.
very good
It`s nice protector….
thanks quick heal
sir your quickheal is osem..?
sir quickheal is dest……….?
v.good
Sometime my laptop are hang for 30 sec or more i don know what is really wrong with this one help me out please.
Hi!
Himanshu,
Thanks for updating with the recent article.Hence, I’d rather choose to use other browsers than that of IE and that too with QH safety browsing.
I am not a computer expert. I just know to use for opening as well as sending the Mail. some times to search some information. My computer Laptop was purchased by my children who are busy with their activities. I do not know how Quick Heal can oblige us.
Hello Mr/Ms Sukhwal,
For emailing and searching information, you use the Internet on your laptop. And as useful as Internet is, it is the main tool for hackers to target their victims. Quick Heal does not only promise to protect your machine, but it also helps improve its performance and health. You can drop in by our website anytime, if you wish to know what Quick Heal Security Solutions have to offer.
Regards,
Rajib
Hi,
Rajib Singha
Quick Heal Internet Security
give me BEST result
hii,I am using Quick heal security.bt it is trial version.Does it work like Quick heal mobile total security.
Hello Ujjwal,
Quick Heal Mobile Security (QHMS) protects Android and BlackBerry devices from unseen threats. It also offers call and SMS blocking functionality. Its Anti-Theft feature helps you track, lock and even wipe your device in case it is lost or stolen.
Quick Heal Total Security offers all-round protection for Android devices. Apart from having all the basic features of QHMS, it includes Parental Control, cloud backup, and even network monitoring. For more information on both these products, follow:
https://www.quickheal.com/in/en/qhmbs
https://www.quickheal.com/in/en/qhmtsa
Regards,
Hi Rajib, thanks for the alert.
I Just want know that if any device previously exposed to such kind of things, so haw can we detect…
Rajib, your alerts and explanations are really helpful.. Thanx
I think , its fantastic antivirus. It protects my full phone from viruses. It gives timely reports to me with results. I think it is the best ever I had.
i have recently installed quick Heal Antivirus pro 2013 , it says its outdated i must upgdade but if i do it does not update
Hello Du Mabaso,
Kindly contact our support team at 0-927-22-33-000.
You can also raise a query at https://www.quickheal.com/submitticket.asp. Our support team will get back to you to resolve the issue you are facing.
Regards,
sir i have a virus on my sd card…. but sir my antivirus is not catching this virus plsss sir helppp me……..
Hi Furkan,
Kindly contact our support team at 0-927-22-33-000.
You can also raise a query at https://www.quickheal.com/submitticket.asp. Our support team will get back to you to resolve the issue you are facing.
Regards,