German govt urges public to stop using Internet Explorer

by Mark Tyson on 19 September 2012, 10:45

Tags: Internet Explorer, McAfee (NASDAQ:INTC)

Quick Link: HEXUS.net/qabml5

Add to My Vault: x

A security flaw in Internet Explorer, spotted by Luxembourg-based security expert Eric Romang late last week, remains unpatched by Microsoft. The flaw is quite serious and can mean that users’ computers can get infected and taken control of if they simply visit a malicious website. Microsoft issued an advisory yesterday suggesting a temporary workaround and an advisory update 10 hours ago saying they are working on releasing a “one-click, full strength solution” in the “next few days”.

Poison Ivy

The zero-day Internet Explorer vulnerability which Mr Romang saw exploited, to infect his computer with “Poison Ivy”, is the subject of Microsoft Security Advisory 2757760. The advisory mentions that IE10 is not affected and there is a temporary workaround available for other IE version users. The temporary fix involves installing the free Microsoft Enhanced Mitigation Experience Toolkit (EMET), setting all your security zones to “High” thus blocking ActiveX Controls and Active Scripting. Then you must white-list trusted sites by adding them to the Internet Explorer Trusted Sites zone. An article on PCPro, quoting a McAfee employee, suggests it would be easier to simply ditch IE and download Google Chrome.

German government computer says no

The German government's Federal Office for Information Security (BSI) “urged the public on Tuesday to temporarily stop using Microsoft Corp's Internet Explorer” according to a news story published by Reuters today. The BSI advise using another browser for the time being, due to fears of “a fast spreading of the code”.

A few days remain until Microsoft will update IE9 and earlier. The security advisory update from 10 hours ago says “This Fix it will be available for everyone to download and install within the next few days. Until then, we encourage folks to review the advisory and follow the other mitigations listed there.” Also the fix will be very simple to use; “The Fix it is an easy-to-use, one-click, full-strength solution any Internet Explorer user can install. It will not affect your ability to browse the Web, and it will provide full protection against this issue until an update is available.  It won’t require a reboot of your computer.”

Microsoft’s Yunsun Wee, Director, Trustworthy Computing says that “we have only seen a few attempts to exploit the issue, impacting an extremely limited number of people”. Let us hope the impact remains low while we wait for Windows Update to distribute the promised IE fix.



HEXUS Forums :: 7 Comments

Login with Forum Account

Don't have an account? Register today!
Hahaha, why am I not surprised. Microsoft should keep to doing what they know best. Creating Windows OS and Microsoft Office
Cumminsc9
Hahaha, why am I not surprised. Microsoft should keep to doing what they know best. Creating Windows OS and Microsoft Office
Because despite the headline, its only temporary, which I they have also suggested against using firefox under such zero day flaws….
Cumminsc9
Hahaha, why am I not surprised. Microsoft should keep to doing what they know best. Creating Windows OS and Microsoft Office
They don't even do them particularly well.
IE and Windows have a huge market share, so it's understandable that a huge number of people are going to try and discover exploits in this software. In my opinion Microsoft do an excellent job in preventing exploits and fixing them quickly.
It's naive to think that a group of determined people won't eventually find a vulnerability even for the best coded software.
Yes. Microsoft should keep to doing what they know best. Flight Simulator. LOL