- slide 1 of 3
Internet Explorer Security Flaws
Internet Explorer has been subjected to many different security concerns which prompted organizations and governments to recommend switching to alternative browsers. The problem is often found in the old and not patched versions of IE. The most affected versiosn of Internet Explorer are version 6 and below due to a lack of security features that the newer version has.
You will notice security reports, advisories and bulletins for Internet Explorer from researchers and from the vendor, Microsoft. When a researcher reports Internet Explorer security flaws, it is checked and rated for severity by Microsoft or a third-party vulnerability tracking coordinator, such as SecurityFocus or Secunia. The security rating depends on whether there are known or unknown exploits in the wild, require or do not require user interaction, if sensitive data is exposed and/or if the attack is locally exploitable only.
Image Credits: Wikimedia Commons/Microsoft Corporation (http://commons.wikimedia.org/wiki/File:Internet_Explorer_wordmark.svg)
- slide 2 of 3
Example Security Flaws in IE
Examples of security flaws in Internet Explorer that have been rated for criticality are as follows:
- Internet Explorer XSS Filter Cross-Site Scripting Weakness – Secunia rated this particular security flaw in IE8 as non-critical. Microsoft has acknowledged the report and issued a response and has released a cumulative security for IE (MS10-035).
- Internet Explorer "Print Table of Links" Cross-Zone Scripting – This security flaw in IE6 and IE7 is rated as less critical and no fix other than upgrading IE to the newer version 8, which is unaffected.
- Internet Explorer 7 Window Injection Vulnerability – Rated as a moderately critical security issue in IE7. There’s no security fix but to use IE8 which is not affected.
You will notice that I did not provide an example of security flaws in IE that have high or extremely critical rating. This is because all security issues in IE with the said rating have been fixed by the vendor. At the time of this writing, Secunia reports 4 security issues in IE8 that are not yet fixed while IE7 and IE6 have 10 and 23 vulnerabilities, respectively that have not been patched. None of these not patched vulnerabilities have high or extreme severity ratings. Older version of IE are obviously insecure to use
- slide 3 of 3
Does Using an Alternative Browser Prevent Malware or Exploits Caused by Security Flaws?
No. An alternative browser should be used, if you like the way that another browser works. It’s a user’s choice on which browser you prefer in using. Using an alternative browser does not prevent security problems because other browsers have vulnerabilities as well, that are not fixed yet. Also, other browsers has been affected too by malware infections and browser hijacks.
Browser vendors and developers highly recommend upgrading to newer versions of their installed browser. New versions of browsers are less vulnerable; They have fixes and improved security features to defend against known security flaws.
Third-party software in your computer may be using IE or its modules and components to function. Using an old version of IE is not recommended because it will be affected, no matter how it is configured.
Always install the latest security updates for Windows and use up-to-date security tools such as antivirus and firewall software to help protect your computer and data.