Thread: Stop using Microsoft's IE browser until bug gets fixed, says US

Stop using Microsoft's IE browser until bug gets fixed, says US

In a rare move, the Homeland Security Department's Computer Emergency Readiness Team says to stop using Internet Explorer until Microsoft can plug a critical security hole.

• by Seth Rosenblatt@sethr
• April 28, 2014 11:18 AM PDT

​



It's not often that the US government weighs in on the browser wars, but a new Internet Explorer vulnerability that affects all major versions of the browser from the past decade has forced it to raise an alarm: Stop using IE.

This zero-day exploit is an unpatched flaw in the Microsoft browser that allows attackers to run malicious code remotely. Security firm FireEye said that it is currently being used to attack financial and defense organizations in the US via Internet Explorer 9, 10, and 11. Those versions of the browser run on Windows Vista, Windows 7, and Windows 8, although the exploit is present in Internet Explorer 6 and above.

While the Department of Homeland Security's Computer Emergency Readiness Team regularly issues browser advisories, this is one of the few times that the CERT team has recommended that people avoid using a specific browser.

FireEye recommends that if you can't switch browsers, that you disable Internet Explorer's Flash plug-in. You can also use IE with Microsoft's Enhanced Mitigation Experience Toolkit security app, but that will not be as secure as simply switching browsers.

Microsoft and the Department of Homeland Security did not immediately respond to requests for comment.

http://www.cnet.com/news/stop-using-...fixed-says-us/

RELATED

http://www.alipac.us/f19/microsoft-r...-users-301748/

Microsoft patches Flash to fix some instances of critical IE bug

The Adobe Flash update from Microsoft fixes a critical Internet Explorer security flaw that hackers are using to target financial and defense organizations -- but only in some versions of IE.

• by Seth Rosenblatt@sethr
• April 28, 2014 1:03 PM PDT

Microsoft

Microsoft updates Adobe Flash for some versions of Internet Explorer to fix a bug so severe that the Department of Homeland Security advised people to stop using the browser.

The fix addresses a serious security flaw in the browser's implementation of Flash that allowed hackers to run malicious code and attack financial and defense groups in the US, said security firm FireEye. The fix addresses Adobe Flash Player libraries that are contained within Internet Explorer 10 and 11.

However, the fix does not address the flaw in all versions of IE. Only IE 10 and 11 are fixed, while the security flaw affects IE 6 and up. FireEye had determined that IE 9, 10, and 11 were actively being attacked, making up more than 26 percent of the browser market.

Neither Microsoft nor Adobe immediately returned requests for comment.
Internet Explorer is currently used by around 55 percent of the desktop browser market, according to NetMarketShare, while StatCounter says that 22.58 percent of people surveyed use IE. While the disparity is large, in either case the flaw affects a huge number of browsers being actively used.

http://www.cnet.com/news/microsoft-p...itical-ie-bug/

RELATED

http://www.alipac.us/f19/how-tell-if...hacked-301809/

RELATED

http://www.alipac.us/f19/microsoft-f...ows-xp-301985/