A number of Internet security providers, including McAfee, Trend Micro, and F-Secure are reporting that exploit code for the Internet Explorer 7 vulnerability, patched by Microsoft last week, is now circulating in the wild.
If you have not downloaded and applied this patch you should do so immediately. If you have Automatic Updates enabled on your computer, then this patch has already been applied. Careful users will verify that this patch, has in fact, been applied.
Security vendors have noted that emails which take advantage of this vulnerability, are now circulating on the net that have an attached MS Word document, which if opened, will allow a cybercriminal remote control over the now infected machine.
- Loss of personal data.
- Malicious application installation.
- Possible botnet connection.
Given the abysmal state of Internet security, there is no doubt that unpatched systems will be attacked! Take the time to ensure your system has been updated correctly.
Minimum email security precautions:
- Don’t open emails that come from untrusted sources.
- Don’t run files that you receive via email without making sure of their origin.
- Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web site designed to download malware onto your computer.