Department of Homeland Security warns users against using Internet Explorer

Himanshu Arora


The U.S. Department of Homeland Security on Monday warned computer users against using Microsoft's Internet Explorer browser until a fix is issued for the security vulnerability that came to light over the weekend.

"Those who cannot follow Microsoft's recommendations, such as Windows XP users, may consider employing an alternate browser," the United States Computer Emergency Readiness Team (US-CERT) said in a bulletin. The team also said that it is unaware of a practical solution to the problem.

The vulnerability could allow a remote, unauthenticated attacker to gain control of an affected computer and do things like steal or delete personal data, install malware, track online behavior, and more.

FireEye Research Labs, an Internet security software company headquartered in Milpitas, California, first reported the bug on Saturday. According to the company, the bug affects IE6 through IE11, but IE versions 9, 10 and 11 are the only ones being actively targeted at this time.

The exploit uses a well-known Flash exploitation technique to achieve arbitrary memory access and bypass Windows’ ASLR and DEP protections. Although FireEye says that disabling the Flash plugin within IE will prevent the exploit from functioning, US-CERT appears to think otherwise.

The warning notes that the Microsoft Enhanced Mitigation Experience Toolkit (EMET) can be used to help prevent exploitation of the vulnerability.

Microsoft, which generally releases security patches on the second Tuesday of each month, has yet to decide whether it will issue an emergency patch before the next 'Patch Tuesday' on May 13.


 
I can't find anything about any patch being released. Can you give me the details on this fix you received?
 
Is the title not a bit misleading?

Surely it should be "Homeland Security advises Windows XP users against using Internet Explorer" or "OMG. Windows XP has a security flaw in it (but the majority of home users on XP think they are immune to viruses, so won't care anyway)"
 
Now just out of curiosity, did they say that it was targeting Windows XP specifically, or is it open to other systems as well? I dunno if I misread or looked it over while reading this article. It is an interesting find though. I primarily use Chrome or Firefox anyway. I keep away from IE since a lot of stuff doesn't translate well, even if I downgrade to IE 9 for my online class. Or for anything, for that matter. IE used to be primary, now everyone else is coming up from behind!
 
I'm not aware of any patch for IE 6 - 11 that fixes the current vulnerability. Microsoft did release a patch that updates Adobe Flash for IE versions that have that built in. The short answer is use Chrome, Firefox, Safari or something else for now.
 
Microsoft just released (5/1/14 13:00 EST) patches for IE 6 - 11 that fix the latest issue.
 
Microsoft just released (5/1/14 13:00 EST) patches for IE 6 - 11 that fix the latest issue.
Now I have an update for my Win7 IE8. After reading all the comments, they lead me to believe there was no update before now.

Edit:
Hahaha, the update failed to update. They should start doing their updates on Saturday night, they are turning quite comical.
 