After the Google episode, it's Microsoft's turn…
Internet Explorer is used by millions of people around the world and the news of major security flaws in a Microsoft newsletter is not going to reassure them. The relevant versions range from IE6 to IE11, recently released. This means that a large number of Internet users who have used this browser may have been victimized at some point in their use without knowing it for a second.
A loophole that offers total control
This flaw on Internet Explorer has a very simple but particularly formidable operation. It would allow a hacker to completely control his victim's computer remotely from the moment he goes to a specific web page. Of course, phishing techniques have been put in place to attract users in a way that seems natural and to shoot down the trap on them with dramatic consequences as soon as the computer is infected since it is no longer really possible to access certain commands.
A newsletter was issued by Microsoft for all users of these versions of Internet Explorer, just as the update was sent directly to all devices operating with this type of browser. The correction was therefore developed immediately in order to fill this possibility of entry into the different computers via multiple processes. Once the damage is done, it is very difficult to recover his device.
An urgent update
This flaw was deemed critical on all Microsoft operating systems so an update via Windows Update was immediately put in place to address this issue. The risk will always be present until the user has made this correction available but some of them tend to delay updates because they block access to the computer for several minutes. It will therefore be necessary to proceed as quickly as possible to protect ourselves.
Just go to the Windows Update part of your computer and look for that critical update that will then be flagged in red. You just have to do it to fix the problem. For people who have set up their computer for automatic updates will not have to worry about this manipulation because the updates are programmed in advance and will then be done at the specified time, allowing the user to always own a secure computer.
Access to SSL 3.0 strongly discouraged
In the same process of securing users' accounts and their data, Microsoft saw fit to warn about the use of this data security protocol which showed some signs of weakness. It has therefore been removed for individuals in order to avoid mass piracy. Access has been left free for businesses, while emphasizing that its use jeopardizes a company's most important data. Frequently used for accounting, it then leaves access to the company's accounts, various transactions and by extension to the bank details of each of them.
Microsoft strongly recommends switching to the TLS 1.2 version, which has been developed to provide a more appropriate response. Filling all the security flaws observed on previous versions, it now appears to be the most effective security protocol. Where possible, Microsoft draws attention to the value of focusing on recent web applications and servers. They are formulated to combat attacks suffered by previous versions and constitute a protective barrier.
Illustration source: Flickr.