The zero day bug that left many Internet Explorer users vulnerable to security theft last week has apparently exploited many government and corporate computers. Although, Microsoft has already released a security patch for the bug found in Internet Explorer (6-11) it seems that the damage was done by the time the vulnerability was fixed.
An internet security firm Fireeye stated “We have also observed that multiple, new threat actors are now using the exploit in attacks and have expanded the industries they are targeting. In addition to previously observed attacks against the Defense and Financial sectors, organization in the Government- and Energy-sector are now also facing attack.”
While explaining the nature of attack Fireeye says that hackers first targeted newer version of Internet Explorer that includes 9,10, and 11. Although, major number of exploitation attempts were made on Windows 7 and Windows 8 older version of Windows operating system and browser IE were equally vulnerable.
The nature of this Zero day bug was so deadly that the US Homeland Security advised all Windows users to avoid browsing with Internet Explorer until Microsoft fix the bug.
Microsoft first warned its users about the bug on April 26 but Internet Explorer users were vulnerable to the bug until Microsoft released the security patch on May 1. The lack of awareness about the bug worked in favor of cyber thief as they attacked on many Internet Explorer users in this 5 day period.
If you use the Windows Internet Explorer to browse the web make sure to download its latest security update. Most windows users might already have an automatic update option enabled but those who have manual setting should download the latest security patch before using IE again.