Monday, April 28, 2014

Don't use Internet Explorer, warns US government

In a blow to Microsoft, the US government is advising computer users to seek alternatives to the Internet Explorer web browser until the software is patched


The US Department of Homeland Security is advising citizens to use alternatives to Microsoft's Internet Explorer web browser until the company fixes a security flaw that hackers have used to launch attacks.

The United States Computer Emergence Readiness Team (US-CERT) said in an advisory that the vulnerability in versions 6 to 11 of Internet Explorer "could lead to the complete compromise of an affected system".

Microsoft warned customers over the weekend that a vulnerability in its Internet Explorer browser could allow hackers to gain access to their computers.

The flaw affects Internet Explorer versions 6 to 11, representing more than a half of the global desktop browser market, according to NetMarket Share. Microsoft said that it was aware of "limited, targeted attacks" that exploit the flaw.

"An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," the company said in a security advisory.

Microsoft said it is taking appropriate action to protect its customers, which may include issuing a security patch, either through its monthly security update release process or as a one-off update.

However, people still using Windows XP will not benefit from a security patch, as Microsoft stopped supporting the 13-year-old operating system earlier this month.

Cyber security firm Symantec said it had carried out tests that confirmed the vulnerability crashes Internet Explorer on Windows XP. "This will be the first zero day vulnerability that will not be patched for Windows XP users," it said.

Recent research from software company AppSense suggests that as much as 77 per cent of British businesses are running Windows XP in some capacity beyond the end of support deadline – including around half of the UK’s councils and large swathes of the NHS.

"Such organisations could be impacted by further exploits to this vulnerability as malware creators take further advantage of this security hole which will remain open," said Simon Townsend, chief technologist of Europe at AppSense.

"By using an unsupported platform, organisations are taking a very real risk in terms of data security, as highlighted by this exploit, and need to either move off XP or strictly control user rights and application usage."

For users of later versions of Microsoft Windows, Symantec encourages users to temporarily switch to a different web browser until a patch is made available.

No comments:

Post a Comment