Third of Internet Explorer users at risk from active attacks

Microsoft confirms both IE9 and IE10 contain vulnerability, urges customers to upgrade to IE11; leaves Vista users out in the cold

By Gregg Keizer | Computerworld US | 14 February 14

Microsoft late Thursday said that both Internet Explorer 10 and its predecessor, IE9, were under attack by hackers exploiting an unpatched flaw in the browsers.

The extension of the vulnerability to IE9 followed confirmation earlier yesterday that active attacks are compromising the newer IE10 and hijacking PCs running the browser.

"Microsoft is aware of limited, targeted attacks against Internet Explorer 9 and 10. As our investigation continues, we recommend customers upgrade to Internet Explorer 11 for added protection," a Microsoft spokesperson said via email.

With both IE9 and IE10 vulnerable and under attack, it means that about a third of all those using Internet Explorer are at risk.

According to Web analytics vendor Net Applications, IE9 accounted for 15.3% of the total IE user share last month; IE10's share was 15.9%. Together, the two editions represented 31.2% of Internet Explorer's January user share.

... ...

Microsoft's advice to customers that they upgrade to IE11 was not possible for those still running Windows Vista. That 2007 operating system cannot run either IE10 or IE11. Most Vista users are likely running IE9, since Microsoft automatically upgraded their copies of from IE7 or IE8 to the then-new IE9 in the first half of 2012.

The only silver lining is that few Windows users run Vista: Last month, the oft-disparaged OS represented just 3.6% of all editions of Windows.

[Note that only the 3.6% of computers (those still running Vista) can't use the later IE11, but 31% still are running the vulnerable versions. Upgrading ASAP is recommended for those who can. It's possible that a workaround might be issued later for those stuck with the older versions, but it's unlikely to be a full patch.]

John