In a
blow to Microsoft, the US government is advising computer users to seek
alternatives to the Internet Explorer web browser until the software is patched
The US Department of
Homeland Security is advising citizens to use alternatives to Microsoft's
Internet Explorer web browser until the company fixes a security flaw that
hackers have used to launch attacks.
The United States
Computer Emergence Readiness Team (US-CERT) said in an advisory that the
vulnerability in versions 6 to 11 of Internet Explorer "could lead to the
complete compromise of an affected system".
Microsoft warned
customers over the weekend that a vulnerability in its Internet Explorer
browser could allow hackers to gain access to their computers.
The flaw affects
Internet Explorer versions 6 to 11, representing more than a half of the global
desktop browser market, according to NetMarket Share. Microsoft
said that it was aware of "limited, targeted attacks" that exploit
the flaw.
"An attacker who
successfully exploited this vulnerability could take complete control of an
affected system. An attacker could then install programs; view, change, or
delete data; or create new accounts with full user rights," the company
said in a security advisory.
Microsoft said it is
taking appropriate action to protect its customers, which may include issuing a
security patch, either through its monthly security update release process or
as a one-off update.
However, people still
using Windows XP will not benefit from a security patch, as Microsoft stopped supporting the
13-year-old operating system earlier this month.
Cyber security firm
Symantec said it had carried out tests that confirmed the vulnerability crashes
Internet Explorer on Windows XP. "This will be the first zero day
vulnerability that will not be patched for Windows XP users," it said.
Recent research from
software company AppSense suggests that as much as 77 per cent of British businesses are
running Windows XP in some capacity beyond the end of support deadline –
including around half of the UK’s councils and large swathes of the NHS.
"Such
organisations could be impacted by further exploits to this vulnerability as
malware creators take further advantage of this security hole which will remain
open," said Simon Townsend, chief technologist of Europe at AppSense.
"By using an
unsupported platform, organisations are taking a very real risk in terms of
data security, as highlighted by this exploit, and need to either move off XP
or strictly control user rights and application usage."
For users of later
versions of Microsoft Windows, Symantec encourages users to temporarily switch
to a different web browser until a patch is made available.
No comments:
Post a Comment