Microsoft has released YAIESA, or Yet Another Internet Explorer Security Advisory if you prefer. This time, SA2757760 warns about a new zero-day out there in the wild which impacts all users of Internet Explorer 9 and earlier versions. It's the usual case of targeted attacks being spotted which could lead to the remote execution of malicious code if you happen to view an infected website.
Although users of Internet Explorer 10 are not affected according to Microsoft, which accounts for a tiny minority of IE users of course, this does amount to what I see as the final nail being hammered into what has already become quite a creaky web browser client coffin of late; and here's why.
Microsoft has issued a number of 'workarounds and mitigations' that can be deployed to protect users. There's the 'Enhanced Mitigation Experience Toolkit (EMET)' for starters. Or a temporary patch, to you and me, which requires a fair bit of configuration fiddling to be of any use. Fiddling such as, and I hope you are sitting down with a cup of tea and some time to spare, the following:
Changing your Internet and local intranet security zones to the high setting in order to block ActiveX Controls and Active Scripting, which Microsoft admits will hit you in the usability stakes so further recommends you add trusted sites to your trusted sites zone. Quite how you are expected to know what sites can be trusted not to have been infected by the zero-day exploit is, frankly, beyond me. Microsoft hasn't finished yet though, also recommending that users of Internet Explorer should configure it to prompt before running Active Scripting (or even disable Active Scripting in the aforementioned zones) which, it adds, will once again disrupt your using of sites that are not in the trusted zone. Deploying the Enhanced Mitigation Experience Toolkit (EMET) is also recommended, but tough luck if you do not speak English as it's only available in that language.
I have some difference advice which is a lot simpler, and guaranteed to be effective against this particularly serious zero-day threat: stop using Internet Explorer and switch to Chrome, Firefox or Safari instead.
