German security agency tells users to drop IE

Powered by SC Magazine
 

Auf wiedersehen, Internet Explorer.

Germany's key cybersecurity agency has urged users to stop using Microsoft's widespread Internet Explorer until further notice, after zero-day vulnerability was recently discovered in the web browser.

The Federal Office for Information Security, otherwise known as BSI, recommended users "switch to an alternative browser" until Microsoft patches the flaw.

Security experts have suggested it could take a week for that to occur.

The agency does not recommend any particular browser to use instead, however.

The vulnerability is understood to affect Internet Explorer versions 7, 8 and 9 running on Windows XP, Vista or Windows 7 operating systems.

Internet Explorer 10, the default browser for Windows 8 and a preview of which is available for Windows 7, is not affected by the vulnerability.

It is feared that malicious websites could use the flaw to run arbitrary code on remote systems with the logged in user's privileges.

BSI said the attack code for the vulnerability was freely available on the internet and expected it to be widely and quickly used by miscreants.

Microsoft has yet to release a security patch for Internet Explorer, but has issued a security advisory for the vulnerability.

The company suggested workarounds to mitigate the problem, including deploying the Enhanced Mitigation Experience Toolkit, setting Internet and Local intranet security zone settings to "High" in order to block ActiveX Controls and Active Scripting, and also enabling prompting for the same scripts.

In enabling the mitigation measures, Microsoft warned that internet and intranet websites using Active X or Active Scripting, such as banks or retailers, ordering forms or account statements, may stop working.

Internet Explorer users are advised to add such websites to the Trusted Sites Zone, to continue to use them.

Copyright © iTnews.com.au . All rights reserved.


German security agency tells users to drop IE
 
 
 
Top Stories
Westpac committed to core banking plan
[Blog post] Now with leadership.
 
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
 
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  30%
 
Application integration concerns
  3%
 
Security and compliance concerns
  27%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  22%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1166

Vote