Tuesday, April 29, 2014

Global Impact: DHS Recommends Against Using All Versions of Internet Explorer

According to The Latin American Tribune, the US Department of Homeland Security (DHS) on Monday (April 28) issued an alert recommending that computer users avoid using Internet Explorer to surf the Web until a solution is found for the attacks staged over the weekend that take advantage of a bug in the program.

Over the past weekend, several specialized agencies and companies issued an alert about hacker attacks on the search engine, Microsoft's Internet Explorer, by means of a “worm” that takes advantage of a bug in the program unknown until now.

"We are currently unaware of a practical solution to this problem," DHS' Computer Emergency Readiness Team (CERT) said in a post early Monday morning (April 28).

CERT recommends that users and administrators "consider employing an alternative Web browser until an official update is available."

The security flaw allows malicious hackers to get around security protections in the Windows operating system. They then can be infected when visiting a compromised website. Because the hack uses a corrupted Adobe Flash file to attack the victim's computer, users can avoid it by turning off Adobe Flash.

DHS indicated that the vulnerability of Internet Explorer is being actively exploited, a vulnerability that affects all versions of the search engine from 6 to 11, and which can lead to the “complete compromise” of the affected system.

This is the first high-risk alert issued for Microsoft software since the US firm stopped providing security updates for its Windows XP operating system last April 8, so that computers still using that system are defenseless against these hacker attacks. 

COMMENT: According to the firm NetMarketShare, Internet Explorer is the most heavily used  search engine in the world, used by almost 58% of all users in 2014, far more than the 18% for Google Chrome and 17% for Mozilla Firefox.

CERT says that as yet it has no practical solution for this problem, though besides recommending the use of another search engines, it also advises using the free Microsoft EMET tool for protection against hacker attacks.

The “worm” used to take advantage of Internet Explorer's debility was said week by the Internet security company, FireEye, as able to control a computer’s software once it has makes a successful attack.

Microsoft confirmed the attacks on its blog Sunday (April 27) and said it is working on providing a “fix” for the problem as soon as possible.