Guidance for Internet Explorer vulnerability

On April 26, 2014, Microsoft notified customers of a vulnerability in Internet Explorer. To date, we are aware of limited, targeted attacks and are working on a fix.

UPDATE: Microsoft released a security update for this vulnerability on May 1. For more information, see Available now: Security update for Internet Explorer.

We encourage you to take steps that protect your PC such as enabling a firewall, applying all software updates, and installing antivirus and antispyware software.

In addition:

1. Exercise caution when visiting untrusted websites. Avoid clicking suspicious links or opening email messages from unfamiliar senders, which could send you to a malicious website that delivers malware to your computer.

2. Turn on “Enhanced Protected Mode” in Internet Explorer 10 and 11. Some versions of Internet Explorer have this setting on by default. To turn on Enhanced Protected Mode:

a. Click Tools in the Internet Explorer task bar and then Internet Options.

b. Click on the Advanced tab and then check the box next to Enhanced Protected Mode.

3. Download and install EMET 4.1, a Microsoft security tool, for an additional layer of protection.

As criminals become more sophisticated, it is important to keep current with software that has the latest security protections built in. Modern browsers and operating systems have stronger security features than older ones.

Note: Microsoft no longer provides security updates for the Windows XP operating system and encourages upgrading to a modern operating system like Windows 8.

To learn more, visit How to boost your malware defense and protect your PC.

About the Author
Eve Blakemore

Group Manager, Trustworthy Computing

Eve Blakemore is a Group Manager for Trustworthy Computing who delivers consumer guidance around the latest trends in security and privacy. Eve joined Microsoft in 1998 and has worked in corporate and field roles with Microsoft Learning, US Public Sector, …

39 comments
  1. Anonymous

    That's it? That is ALL you're going to tell us? Thank-you, for nothing!

    You couldn't tell us if it's in JAVA, and to simply turn it off for now, for a few sites, or until it's patched??

    You couldn't tell us if it's a PLUG-IN or ADD-ON, so we could do SOMETHING for a 'grain' of protection?

    You couldn't tell us to set a firewall setting or custom rule or a temporary disable? Something!? Anything!?

    You couldn't tell us to AVOID FINANCIAL TRANSACTIONS on IE for now??  Or how much RISK it poses!??

    You couldn't tell us WHICH VERSION is vulnerable? Where it came from or what it does!? so we can TRY to AVOID IT!!

    You couldn't tell us ANYTHING???

    Well, thanks for all that, I'll be sure to run right out to fix this, and then wonder where the heck I'm going!!

    YOU ARE USELESS!!

    Whoever thinks this is an acceptable security warning has LOST THEIR MIND!!

    Fred 'Zilla, Wash,DC.

  2. Anonymous

    How about telling us when the fix will be out?

  3. Anonymous

    What specific Microsoft apps will break if you unregister VGX.DLL as per the mitigation steps?

  4. Anonymous

    Frankly, this is very general and unhelpful information since it simply states best practices that are not specific to this vulnerability.

  5. Anonymous

    I know nobody cares but I want to say "shame on you, Microsoft!" I can't believe, as successful as your company has been, to end Windows XP support and the solution is just go buy another computer! I have worked since I was 14 yrs old and in 2007 I borrowed money to buy my laptop. I was 47 yrs old and I was not that excited to get a computer and I found it to be very frustrating, but after time I enjoy it and have become dependent on it. I am now 55 years old and I take care of my mother who is 91 with dementia. I had to quit my job March 2, because after 10 years I couldn't take the abuse from the bully I worked for, and I cannot leave my mother alone anymore, and maybe I'm a fool but if it kills me my mother will be taken care of by me! I believe it's my duty and honor to take care of my mother just as much as people have a duty and law to take care of your children. Bottom line, I don't know how to keep a roof over our head or food on the table and your company says just go buy a new computer! Thanks a lot, God bless you and I wish you well. Sincere regards, Dennis A., Garden Grove, Calif.

  6. Anonymous

    I received a call at 7:30 a.m. from an "alleged" Microsoft representative stating that my computer had been identified by Microsoft as vulnerable. They asked if I was on the computer, and I said yes, but that I had no way to know if they were who they said they were. The response was that they could prove their legitimacy by giving me my serial number. I still resisted and said I would be willing to hire a tech, but not willing to go online. They then disconnected on the phone. Was this legitimate?????

  7. Anonymous

    My computer showed an Adobe Flash download today which I did not do. Additionally, I now have a pop-up on my Outlook questioning my SMP or IP address. How do I know if my computer has been infected or information stolen, etc.?

  8. Anonymous

    The memo says as of April 26 Microsoft notified customers. I was not notified.

  9. Anonymous

    I heard on the news to turn off Adobe. As I couldn't seem to do that I unfortunately uninstalled it, all of it. McAfee notified me that a new Adobe had been installed which I had not initiated. How will my computer be affected without Adobe? How do I safely reinstall it?

  10. Anonymous

    I received a message yesterday on my mobile phone "d'utiliser un nouveau code de sécurité pour mon compte Microsoft" and would like to receive confirmation from you that this message has been indeed sent by Microsoft. THANK YOU for your answer, please.

  11. Anonymous

    I was charged twice for the same product on 4/10/14. That product was Windows 8. I was also charged 2 different prices, 1 @ $128.39 and the other at $119.99. Now what do you suggest I do with the extra product? And how do I get my money back?

  12. Anonymous

    How do I remove Internet Explorer?

    I know that I removed IE when I had Windows 98 and installed another browser and never got a virus. Since it seems IE is bad, I want to remove it and install another explorer like Explorer++ that is safer than IE.

    Please provide steps since it seems Windows 7 and 8 are not safe to use IE. My Windows XP is safer since I removed IE from it but I lost the paper that had the steps to remove it. Please post info on this so that I can print them out again. Thank you.

  13. Anonymous

    Thank you so much for the information. I have McAfee Anti Virus on my system and my firewall is always on. But this is what I needed to ease my mind.

  14. Anonymous

    What do I do for my Surface RT?

    I am a developer in the medical records field and my RT is an essential tool. I can't take any chances that a security breach can cause a related data exposure and I don't have the luxury of temporarily turning to a competing browser until IE is fixed.

  15. Anonymous

    How were customers notified? I wasn't!

  16. Anonymous

    It's been a day and a half since this announcement was posted. Is there any update? An eta for delivery of a patch? For those of us managing a business in which heavy internet use is a necessity, this is a serious issue. I now have all my group using Chrome or Firefox as a temporary workaround.

  17. Anonymous

    Vista – cannot run IE 10 or 11  – cannot run enhanced security – cannot use Office 365 – cannot upgrade to Windows 7 – it seems that you really dislike your customers.

  18. Anonymous

    Hey thanks Microsoft for all the great work you been doing over the years and especially in most recent years/months with regards to Smartphone AI Cortana and sealing the acquisition of Nokia, being the best unfortunately attracts the best haters and hackers.

    I see this has made vulnerable all IE's dating back to IE6, this tells me that it took all these years 10-14yrs? for the hackers to find this hole and that's a good sign to me of the measures you go through to secure your Browser and other offerings you bring to market (hey, do u think maybe Steve Ballmer had anythi…ng t..o do w..ith this hack, no. sry just thinking as typing).

    Hey will this require a new service pack or just a patch/update or did the update to IE Flashplayer two days ago fix it?

    Thanks again Microsoft, have a great Tuesday.

    Ps, I make a request for Microsoft's new A.I. Cortana to be put in Win8.1 Laptops/Desktops and Surface as well. :)

  19. Anonymous

    Thank you for doing awesome work at Microsoft. We appreciate you and your team.

  20. Anonymous

    Any word on when the fix will be available?

  21. Anonymous

    A friend of mine just got hacked – I opened an email from her – Subject – "So Sad"

    It said she was out somewhere (in a war zone), been attacked etc. and needed money etc. –

    I had just seen her the day before so I knew for sure it was a scam –

    Now what do "I" do? I had no "bells or whistles" etc. – Don't know how to change my password or even if I have been hacked also – She has lost all her emails and everything is blank she says.

    So far mine is OK – I think – but it has only been one hour since I opened it – ??? How do I know if I am OK or NOT???

  22. Anonymous

    Does this have to do with the article that News Channel 9 posted, that said Homeland Security recommends using Google Chrome or Firefox until Microsoft fixes Internet Explorer security issues? Just to let you know I have changed from Internet Explorer to using Google Chrome, because when I turn on every protection to high … Firewalls, Enhanced Protection and all the other protection methods, you have to jump through hoops in order to do anything!! I have Norton 360 that I have set to auto update, and I have the HP Assistant, and Windows set to auto update Windows!!!

    I just want to let you know that I am severely disappointed with Microsoft …. Windows 8 and 8.1 is garbage on a desktop computer, and now Internet Explorer has security issues bad enough that Homeland Security said not to use it!!! I just hope you people come up with a fix fast, because I did like using Internet Explorer!!!

    I have been using Windows since Windows 98, and have bought the newest versions of Windows when they came out, and it seems like you people don't care at all for your customers!!! Bill Gates has made enough money you think he would care a little more than allow this garbage to be pumped out at the expense of loyal Microsoft customers. Could I go with Apple or Mac? The answer is yes! But when I think of computers I think of Microsoft!!! Let me tell you that is changing real fast also!!!

    I don't want some automated response, I want to know if this article is real, and I want to know how I can run Internet Explorer without running in circles, jumping through hoops… You get my point …. I hope so!!!

    Thank You

    Daniel Pexton

  23. Anonymous

    Is it OK to run Windows Defender with Norton or McAfee antivirus protection?

  24. Anonymous

    I have received several phone calls from someone who says he's a Microsoft/Windows technician and he urgently wants to help me prevent hackers who currently have access to all my information on my computer. I asked him for a call back number which he gave me. He also gave me his employee number and his name, but I am still suspicious. Is Microsoft contacting customers in this way?

  25. Anonymous

    Has Microsoft given any indication when a patch can be expected for this issue?

  26. Anonymous

    Item 2 is misleading. Enhanced Protected Mode is on the Advanced tab, under Security. There is a Protected Mode on the Security tab, but that's been there forever, and is not the same as enh prot mode, on IE 10/11.

  27. Anonymous

    I can't believe you hung us out to dry. I bought this computer on the premise it was the most up to date thing, now I am hung out to dry! Your company probably set up this Heartbleed to make more money off us poor hard working people! Don't tell me I have to buy a new computer when you and all your whiz kids can fix the problem and make my computer run like new. Really – why can't you patch this one like all the others out there? Really, what gives?

  28. Anonymous

    I think it is grossly unfair of Microsoft to end support for XP, then when a major browser flaw is discovered a mere 2 or 3 weeks later, refuse to help users protect themselves, except to tell them to upgrade their OS. My computer is old, but works just fine, but it has too little power to run a new system. If I have to replace my computer because of the huge security breach in IE, I will move to an Apple environment.

  29. Anonymous

    I have tried everything to get to my email without success. I keep getting a message saying my email is wandawhy@cs.com. I am told to enter that address and I will get an email. I haven't used that address since I switched from CompuServe to MSN. I can't delete it or change it. I am so frustrated with this ridiculous thing, I am ready to quit MSN altogether. I created an account with Google, but can't do anything with the wrong info I can't change. You say I can keep doing what I started, but I have no way to access my email. I neither want nor need anything new and this is really stupid.

  30. Anonymous

    Are Windows Phones and Windows RT affected?

  31. Anonymous

    When you say, "On April 26, 2014, Microsoft notified customers of a vulnerability in Internet Explorer" what do you mean? I saw it on the news, but received no 'message' from Microsoft.

  32. Anonymous

    I understand you are saying the problem is in the BROWSER. Also Windows XP is always mentioned, is it just XP or if you're running ANY OTHER OS does this still matter? I have Windows 7 Pro, will the same issue show up as if it was in XP?? I am not the only one with this question. So regardless of whether you have Win 8, 7, Vista or XP the problem is in IE 6 thru 11….correct??

  33. Anonymous

    Was the security by Boost called Boost PC. It claims to be certified

  34. Anonymous

    IF you updated Windows 8 into a decent programme like XP Pro I would pay an annual subscription to use Microsoft Office.

    Remember to change your God from The (ONCE) mighty Yankee Dollar and consider ordinary people for a change. You seem to forget that you are not in the advertising business, but you might consider a good security programme.

    You are losing the trust that the world people in you.

    There are a lot of people and businesses in this world who use the main Microsoft Word, Outlook Express, Excel and Access and Windows and would for rather to pay an annual fee for updates, protection and only use surfing the net as a pure waste of time. Especially the big time wasters Twitter, Facebook etc. which should be exorcised from business time operations.

  35. Anonymous

    I was asked to contact Amazon.com by a secure link they provided as it said fraud may be attempted on my account and they are refusing to pay a charge I made but I have not made any charges? Please advise.

  36. Anonymous

    Sounds like a scam to me. Check your credit card and whatever you do don't even think of clicking on that link.

  37. Anonymous

    Followed your instructions – there is no box for "enhanced protected mode" on the Security tab.

    What a waste of my time – again.

  38. Anonymous

    Dorothy is absolutely correct – there is no box for "enhanced protected mode" on the Security tab.

    IE 10

  39. Anonymous

    The Enhanced Protected Mode blurb is incredibly poorly written. It is a checkbox under Internet Options, Advanced Settings, Security. Authors need a peer review, sanity check before they publish for the masses.

Comments are closed.