A critical flaw in Internet Explorer's security puts all Windows users at risk, even with other standard browsers. Kaspersky discovered on Wednesday a malicious attack that uses Word to extend IE vulnerability and hit Chrome, Firefox or even the standard Windows 10 Edge. The problem could lead to data theft or money, for example .
Microsoft is already aware of the issue and has released a fix for download. There are still no records of victims in Brazil, but the attack may reach the country quickly, according to the cyber security company.
How to install Windows 10 April 2018 Update
Security failure can hit computers worldwide
According to Kaspersky, the attack takes advantage of the hacker-exploited vulnerability CVE-2018-8174, even before it is discovered. Type failures are known by the term "Zero Day", as they allow access by criminals before any fix is available.
According to Dmitry Bestuzhev, director of Kaspersky Lab's Analysis and Research Team, the requirement for discretion at the beginning of the attacks made the action more targeted, with victims initially only in Russia and China. However, with the disclosure of the breach, the case volume should increase.
Brazil can be an easy target because of the presence of a large number of machines with a fake version of Windows. "The main problem for Brazil is that the piracy rate is incredibly high, even some companies use pirated software, which means that these users can not get updates and fixes, " says Bestuzhev.
Internet Explorer has an unknown security hole; know how to upgrade
How it works
The malicious attack has great potential for infection, as it is not only effective on outdated machines, it is not restricted to Internet Explorer users. Hackers distribute a Word document in .rtf format that opens an HTML file in IE when downloaded by any browser. The document can be made available on infected sites or arrive via email.
HTML loaded in IE forces abnormal behavior because of the vulnerability. After this phase, the system opens the way for the remote execution of codes with several objectives. "Any malicious purpose. It could be data theft or money, data destruction, etc., " says Bestuzhev.
How to protect yourself
Internet Explorer is installed on any version of Windows, even if it is no longer used on a day-to-day basis and is not configured by default - as in the case of Windows 10. Therefore, even those who do not use the old browser should download the fix for themselves. keep safe.
The fix pack has already been released via Windows Update, so it should arrive quickly to the PC if the feature is set to work automatically. Already computers offline or with pirated software only have one option: download the solution manually through the official website. Check out, in the tutorial below, how to download the Windows fix pack.
Step 2. Look in the table for the version of Windows installed on your computer and click on the corresponding "Security Update" link;
Download the update for your operating system
Step 3. The following screen separates the downloads by the processor architecture. Select version 32 or 64 bits, according to your PC;
Download the package in 32 (x86) or 64 (x64) bits
Step 4. Click the link to download the update file;
Download the fix pack for Internet Explorer
Step 5. Finally, double-click the downloaded file to run the installer and apply the update.
Run the update installer on your computer
Ready. Protect your computer from hacking with the Microsoft patch package.
How to remove viruses from the PC? Discover in the Forum.
How to find the Wi-Fi password for your current network in Windows