In mid-January 2020, Microsoft issued advisory ADV200001 warning of a vulnerability in the scripting engine of Internet Explorer. Yes, I know, that’s gibberish to most of you. It means that there could have been an attempt to execute code in attack mode via that browser. How? You could have received an email with a link that explicitly opened Internet Explorer (even if it wasn’t your default browser) and been sent to a malicious web site specifically designed by bad guys. If exploited successfully, the attacker could have gained access rights to your computer. As Microsoft put it at the time: “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
That’s very bad (I’d segue into the Ghostbusters “don’t cross the streams” theme about the definition of the word “bad,” but I’m sure you get the idea).
At the time, Microsoft did not have an immediate fix. As of February’s “patch Tuesday,” they announced one with the heading “Security Advisory CVE-2020-0674.” Microsoft will be patching desktop operating systems from Windows 7 clear through the latest version of Windows 10, plus a slew of server operating systems.
The Network Operations Center will be testing this set of updates for the next seven days. If the patches pass those tests, then the updates will be available for all of you by the end of next week. In the interim, I have only one thing to say: DO NOT USE INTERNET EXPLORER, USE ANOTHER BROWSER! There are several to choose from, for example, Mozilla Firefox, Google Chrome, Opera (which I didn’t recall as being around, but it still exists) or Brave (which I’m sure you’ve never heard of), heck there are probably some of you who use Edge in Windows 10 (heaven help you). If you’re not sure what browser is your default, write to me and I’ll let you know.
But let’s get down to the meat of this: If Microsoft announced the problem on January 17 and only released the solution on February 11, the bad guys had a considerable amount of time to take advantage of the vulnerability, and yet the world didn’t come to a screeching halt. But I don’t – for one minute – want to suggest that you not patch a known vulnerability. What I recommend, instead, is a moderate amount of common sense. And the best way to implement that would be to stop using the problem-plagued browser, even after your computer receives the patches.
Bottom line: this exploit is explicitly for IE – so to avoid any possible unpleasantness, don’t use it. Simple really.
Thanks and safe computing!