Cyber attackers are, on the other hand, overjoyed that some users don't even know what software patching means and entails, because this allows them to recycle old exploits and still succeed in their attacks.
Zscaler's Pradeep Kulkarni has recently unearthed an attack taking advantage of the Internet Explorer zero-day vulnerability that has been exploited in the infamous Aurora attacks against Google and many other big Internet, finance, technology, media and chemical companies.
As you might remember, the Aurora attacks were first detected in December 2009 and made public in January 2010. That was exactly four years ago, and Microsoft has released a patch for the vulnerability two years ago.
Nevertheless, "the obvious reason behind attacking old CVE's is the belief of attackers, that there are still un-patched and outdated browser's out there on end user machines," notes Kulkarni. "Sadly, they're correct."
Unfortunately, security pros can only offer that oft-repeated (and oft-ignored) mantra: migrate to the most recent version of the browser, and keep it updated with the latest patches.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.