A critical flaw in Internet Explorer security puts all Windows users at risk, even with other standard browsers. Kaspersky discovered on Wednesday (9) a malicious attack that uses Word to expand the vulnerability of IE and target Chrome, Firefox or even the Edge, standard of Windows 10. The problem could cause theft of data or money, for example .
Microsoft is already aware of the problem and has released a downloadable fix pack. There are still no casualties recorded in Brazil, but the attack could reach the country quickly, according to the cybersecurity company.
How to install Windows 10 April 2018 Update
Security breach could hit computers worldwide Photo: Reproduction / brandprotect
According to Kaspersky, the attack takes advantage of the vulnerability CVE-2018-8174, exploited by hackers, even before it was discovered. Faults of this type are known by the term "Zero Day" ("Zero Day", in Portuguese), as they allow access by criminals before there is a correction available.
According to Dmitry Bestuzhev, director of Kaspersky Lab's Research and Analysis Team, the demand for discretion at the beginning of the attacks made action more targeted, with victims initially only in Russia and China. However, with the disclosure of the loophole, the case volume is expected to increase.
Brazil can be an easy target due to the presence of a high number of machines with a fake Windows version. "The main problem for Brazil is the following: the piracy rate is incredibly high. Even some companies use pirated software. This means that these users cannot get updates and patches," says Bestuzhev.
Internet Explorer has an unknown security flaw; know how to update Photo: Paulo Alves / TechTudo
The malicious onslaught has great potential for infection, because, in addition to being effective on outdated machines, it is not restricted to Internet Explorer users. Hackers distribute a Word document in .rtf format that opens an HTML file in IE when downloaded by any browser. The document can be made available on infected websites or arrive via email.
The HTML loaded in IE outside the abnormal behavior due to the vulnerability. After this phase, the system opens the way for the remote execution of codes for various purposes. "Any malicious purpose. It could be theft of data or money, destruction of data, etc.", says Bestuzhev.
Internet Explorer is installed on any version of Windows, even if it is no longer used on a day-to-day basis and not even set as standard as in the case of Windows 10. Therefore, even those who do not use the old browser must download the patch to keep safe.
The fix package has already been released via Windows Update, so it should reach the PC quickly, if the feature is configured to work automatically. J computers offline or with pirated software only have one option: download the solution manually through the official website. Check out, in the tutorial below, how to download the Windows patch package.
Step 2. Search the table for the version of Windows installed on your computer and click on the corresponding Security Update link;
Download the update for your operating system Photo: Reproduo / Paulo Alves
Step 3. The next screen separates downloads by processor architecture. Select the 32 or 64 bit version, according to your PC;
Download the package in 32 (x86) or 64 (x64) bits Photo: Reproduo / Paulo Alves
Step 4. Click the link to download the update file;
Download the patch package for Internet Explorer Photo: Reproduo / Paulo Alves
Step 5. Finally, double-click the downloaded file to run the installer and apply the update.
Run the update installer on your computer Photo: Reproduo / Paulo Alves
Ready. Protect your computer from hacker attacks with the Microsoft patch package.
How to remove viruses from PC? Find out in the TechTudo forum.
How to find your current network's Wi-Fi password in Windows