Microsoft stopped supporting older versions of Internet Explorer in January and now only supports IE9 for Server 2008 and Vista. Both IE10 and IE11 are still getting patches at the moment. What this means is that the older versions of IE are becoming more vulnerable to hacking as new holes are being discovered.
There have already been instances of this happening, as the last patch release from Microsoft was rolled out for Internet Explorer security updates, fixing flaws that affected every version of IE, but only the most recent versions had patch releases.
Patch MS16-009 is a cumulative security update released for IE KB3134220. It corrects critical vulnerabilities in security of IE9 and newer. If you are using an earlier version, you are now in danger of being hacked.
Always check unknown source links twice
It was explained by Microsoft that the execution vulnerability can only be triggered and exploited by a user loading a website that was compromised, while using a version of IE that is still vulnerable to the attack or that hasn’t been patched.
The company stated that “attackers that have exploited the vulnerability successfully can obtain the same user-rights that the currently logged in user has. That means, if the current logged in user is the administrator, the hacker would possess the same rights as the administrator, and can take control of the system that’s been affected. This would allow the hacker to install programs and view, modify, or even delete data. Additionally, they could create new accounts that allow full user rights.”
Installing the latest update patch changes how IE handles the objects in the memory and also corrects the way it parses HTTP responses. It will also be checking twice to ensure that cross-domain policies are being enforced properly, stated Redmond.
If you are curious, the patch will be released for Windows 10 as well, and even if your default browser is not Edge, it is still mandatory to install the new update. This is because some apps could be using IE to obtain internet access. Without patching, a vulnerable hole opens for an attack on the computer.