If you’re one of the people who make up the nearly 24% of Internet users on Internet Explorer, now is a good time to click on ‘Check for updates.’ Researchers have found yet another Metasploit Zero-Day exploit that leaves IE 7, 8, and 9 vulnerable for Windows users.
Brought to us by the same group as the Java 7 exploit a few weeks ago, this one uses a malicious site to install the Poison Ivy backdoor trojan while unsuspecting users browse. Once installed, it basically gives the attacker the same privileges as the user. It works on computers running Windows XP, Vista, and 7, and the CSO of Rapid7 told Ars Technica that “This is one of the few times that a vulnerability has been successfully exploited across all the production shipping versions of the browser and OS.”
The good news is that Microsoft has confirmed that the exploit doesn’t work on IE 10, so you should download the preview if you plan to keep using the browser. Your best bet, though, is to backup your bookmarks and switch to Firefox or Chrome until there’s a fixbetter safe than sorry!