German security agency tells users to drop IE

Germany's key cybersecurity agency has urged users to stop using Microsoft's widespread Internet Explorer until further notice, after zero-day vulnerability was recently discovered in the web browser.

The Federal Office for Information Security, otherwise known as BSI, recommended users "switch to an alternative browser" until Microsoft patches the flaw.

Security experts have suggested it could take a week for that to occur.

The agency does not recommend any particular browser to use instead, however.

The vulnerability is understood to affect Internet Explorer versions 7, 8 and 9 running on Windows XP, Vista or Windows 7 operating systems.

Internet Explorer 10, the default browser for Windows 8 and a preview of which is available for Windows 7, is not affected by the vulnerability.

It is feared that malicious websites could use the flaw to run arbitrary code on remote systems with the logged in user's privileges.

BSI said the attack code for the vulnerability was freely available on the internet and expected it to be widely and quickly used by miscreants.

Microsoft has yet to release a security patch for Internet Explorer, but has issued a security advisory for the vulnerability.

The company suggested workarounds to mitigate the problem, including deploying the Enhanced Mitigation Experience Toolkit, setting Internet and Local intranet security zone settings to "High" in order to block ActiveX Controls and Active Scripting, and also enabling prompting for the same scripts.

In enabling the mitigation measures, Microsoft warned that internet and intranet websites using Active X or Active Scripting, such as banks or retailers, ordering forms or account statements, may stop working.

Internet Explorer users are advised to add such websites to the Trusted Sites Zone, to continue to use them.