Serious Internet Explorer Bug Leaves Half of all Browsers Open to Hack
By Julianne Pepitone
Microsoft
is scrambling to fix a newly found bug in Internet Explorer, which
leaves all versions of the browser open to potential attacks.Hackers have already used the flaw to launch "limited, targeted attacks," Microsoft said a "security advisory" on Saturday.As
with many attacks, hackers can start with methods like convincing users
to click on fake websites, Microsoft explained. From there, the glitch
could allow attackers to run malicious software on the user's computer
-- and even gain the same level of access to the computer as the real
user.It's a serious flaw, and a
widespread one: Internet Explorer comprised almost 58 percent of all
desktop browsers in March, according to analytics company Net Applications.Even the Department of Homeland Security weighed in with an advisory on Monday, calling on users to run alternative web browsers until Microsoft is able to fix the problem.The
Internet Explorer issue affects the browser's versions 6 through 11,
Microsoft said in its post. Microsoft's response came one day after
security company FireEye revealed the flaw in a post on its own site on Friday.FireEye
said attackers are focusing mostly on Internet Explorer versions 9
through 11, which make up about a quarter of all browsers. FireEye
dubbed the attacks "Operation Clandestine Fox" and called the flaw
"significant."FireEye recommended that users disable Adobe Flash, saying "the attack will not work" in that case. But Adobe posted its own advisory on Monday, offering users a security update that it said will fix the problem. Microsoft
is still investigating the issue, and the company said it may fix the
problem through either a scheduled or off-cycle security update.Until then, Microsoft wrote in a separate blog post,
the company recommends typical protection steps like installing
anti-virus software and being cautious when visiting websites. Microsoft
also suggested using Internet Explorer in "enhanced protected mode" and
downloading a "toolkit" to help guard against attacks.Those
steps could help protect users of newer Windows versions until
Microsoft releases a fix. But the glitch is a sobering reminder that no
help is coming for users of Windows XP, as Microsoft dropped support of that operating system earlier this month.
First published April 28th 2014, 8:35 am 4951