Attention Internet Explorer users!

Internet Explorer 0-day vulnerability discovered

This is big, folks!

Earlier this week security researcher Eric Romang was studying the Chinese web servers used in the recent Java 0-day exploits (See my previous Junk You Java article) when he discovered they are exploiting a previously unknown vulnerability in Internet Explorer. As this was/is located on a server known to be connected with many previous attacks including recent 0-day Java exploits and the Nitro attacks from 2011 it is safe to say that this exploit is in the wild!

Users running Internet Explorer versions 7, 8, or 9 are susceptible to this exploit, which means virtually all users of Windows XP, Vista, and Windows 7 who browse the internet with Internet Explorer. This does NOT affect users of Windows 8 and IE 10.

Computers can be compromised simply by visiting a malicious site and the attacker will have the ability to install keystroke loggers, malware, and access local assets.

At this time Microsoft has NOT released a patch for this vulnerability, but has issued a Security Advisory advising users to install EMET (Enhanced Mitigation Experience Toolkit), however EMET is not especially easy for a user with normal experience levels to setup and the installation/configuration of EMET does not appear to circumvent all aspects of this exploit!

I highly recommend DCT readers install and use either Firefox, Chrome, or Opera browsers until Microsoft is able to issue a patch for this vulnerability! For even greater protection uninstall Java if at all possible, or at least disable it in all browsers.

You can read more about the initial discovery at the National Vulnerability Database or Eric Romang’s blog.

Posted in:
About the Author

David Hartsock

Executive Editor/Owner/Admin of Daves Computer Tips and all-around good guy - Dave's interest in computers began in the early 1980's during the Apple II era. In the early 1990's the PC began to replace proprietary and mainframe devices in Dave's industry so he began to learn and experiment with the PC. Through DOS, Windows 3.1, Windows 95, Windows 98, Windows 2000, Windows XP, Vista, Windows 7, Windows 8.1, and now Windows 10. Dave became the "go to" guy for friends, family, and coworkers with computer problems. Daves Computer Tips was born in 2006 in an effort to share these experiences with others in an easy to understand, plain English, form.


  1. UPDATE: Microsoft issued a fix via Windows Updates (KB2744842) on Friday 21st to plug this vulnerability. Anyone with Windows Updates set to automatic should already have the fix installed now, anyone with updates not set to automatic should apply this fix as soon as possible.

    • Jim, you are absolutely right … I updae automaatically – and found the notificaation thsi morning on my laptop …. ūüôā