Exploiting the flaw allows hackers to execute code — in other words, plant malware on a machine — and opens Windows XP, Vista and Windows 7 to drive-by attacks that only require getting victims to visit a malicious or compromised website.
That means that:
- if you use an unpatched version of Internet Explorer (and at the time of this writing that would be all versions since the patch hasn’t been issued) and
- if you visit a web site designed to exploit this vulnerability …
you could end up with malware being downloaded to your system without your knowledge.
Clearly, when the patch comes out, you should apply it. Better still, turn on Windows Update and let it do the dirty work automatically.
In the meantime you can either choose to use another web browser such as Firefox or Chrome or just be really careful which web sites you visit.
In fact, you should do that last bit every day anyway. The problem, of course, with that is that you can’t really know for sure which sites might infect you but you can, however, lower the odds considerably by not visiting unknown or dodgy sites.
Just as in the physical world, sticking to the well traveled streets rather than veering off into the alleyways in bad neighborhoods and you will be safer but, crime can happen anywhere.
It can be a pain at times as some sites won’t render correctly without these features turned on but at least it puts you more in control of the situation and that can me the difference between dodging or taking a direct hit on the next drive-by browser attack.