Windows XP users, and those running something older than IE9 on newer versions of Windows need to apply this fix immediately.
The problem is that earlier versions of Internet Explorer have a remote code execution vulnerability that can cause “drive-by” installations. You visit a malicious web page, it installs the software without you knowing it. That’s bad.
This fix is only temporary and doesn’t completely fix the issue. I would expect a proper patch during an upcoming Patch Tuesday cycle. Perhaps one will be ready next week, since next week is that time again.
If it’s not ready at that point, then this is significant enough that Microsoft may decide to issue an out-of-band patch, as they’ve been known to do in the past.
If you use something other than IE as your primary browser, this is less of an issue, but since so much other software uses the IE engine, you can be running IE without realizing it. Unless your machine honestly, truly doesn’t have an Internet connection, you need the fix.
David Farquhar is a computer security professional, entrepreneur, and author. He has written professionally about computers since 1991, so he was writing about retro computers when they were still new. He has been working in IT professionally since 1994 and has specialized in vulnerability management since 2013. He holds Security+ and CISSP certifications. Today he blogs five times a week, mostly about retro computers and retro gaming covering the time period from 1975 to 2000.