Exploits to popular applications are just a byproduct of human created software. The current advisory from Microsoft calls into question whether or not one should use Internet Explorer at all, especially if you are still running the unsupported Windows XP. Adobe has issued a patch for Flash as part of this exploit, which you should also update.
Who does this exploit affect?
This is affects every version of Microsoft Internet Explorer since version 6 (released in 2001) through to the latest released version. So until Microsoft patches this or you implement one of the workarounds, it affects you if you use Internet Explorer.
The exploit happens when you actually click on something on an affected website, hackers could gain the same level of permissions as the current user (potentially administrative rights) and take control of the system. Hackers probably aren’t targeting you, they simply want to take control of as many machines as they can. It’s nothing personal.
What do I have to do to protect my computer?
Microsoft has issued a number of workarounds in their advisory, and one of our Tech Kahunas can certainly help work with your company to implement these for you. Eventually they will issue a patch for currently supported software, but this means that earlier versions of Internet Explorer may not get patched.
Alternatively, you could stop using Internet Explorer and switch to either Google Chrome or Mozilla Firefox. There are many people who will give you lots of good reasons never to use Internet Explorer again. Your company or organization may have a specific reason why you have to use Internet Explorer, so talk with your IT department or ask us whether you have to use Internet Explorer.
How serious of a threat is this really? Can I simply do nothing and be okay?
It depends. If you search the Internet regularly, and go to websites and click on links in websites, you could potentially go to a site that has the exploit, click on something on that site and a hacker would gain control of your machine.
A few things to take into account. Government security teams in the US, UK and Sweeden all advise you to not use Internet Explorer. So it is big enough of a deal for them to make a statement.
Once this is fixed, am I safe?
Safe from this current exploit, yes. Safe from future exploits, no. There will be another exploit discovered, and another. Patching and updating software is part of the requirements for keeping systems healthy. It’s maintenance that has to be done to keep the system running properly. Switching to Chrome or Firefox is a good idea because those applications manage the update process automatically, so you always run the latest version. The maintenance is built into the operation.