As you already know, Microsoft recently ended support for older versions of IE (Internet Explorer). Currently, only IE9 for Windows Vista and Windows Server 2008, IE10 and IE11 are regularly patched. If you are using an older version of IE, your system may be prone to a range of malicious attacks.
This Patch Tuesday, KB3134220 was released. The update addresses critical security vulnerabilities in IE9 and later versions. However, if you’re not on any of the latest IE versions, you’re in danger.
Why you should update to IE9 or a later version
Most of the vulnerabilities patched in the Feb 2016 Patch Tuesday were most likely IE-related. Hence, more than two-thirds of the flaws patched by Microsoft presumably existed in the ‘retired’ IE versions as well.
Keep in Mind
There’s a huge risk coming from unpatched vulnerabilities that are known to cyber criminals. Did you know that cyber criminals examine the code before and after an update, and easily figure out what was altered? This information may then be used for further analysis and, at some point, the patch can even be reverse-engineered.
This is how bugs are located by malicious actors. Once the bug is discovered, an exploit is crafted.
The result? Software that is not patched is successfully attacked. That is why not only the update itself is important but also its immediate application. The longer you wait, the more time cyber criminals have to craft an exploit.
This is how researchers at Computer World explain an attack scenario involving IE flaws:
In this case, the vulnerability found in, say, IE9 on Vista — which was patched this week — may give them insight into the location of the bug in the older IE8. From there, they can create an exploit for the unpatched browser.
Why would cyber criminals spend so much time on reverse-engineering IE patches? It’s obvious – there are too many IE users out there who continue to run old and unsafe versions of the browser. In addition, data analyst Net Applications says that about a third of users running IE just last month used an older, unpatched version of the browser, which hasn’t received security updates.
Are you one of those users?