Australia's Computer Emergency Response Team (AusCERT) has recommended organisations "consider using a web browser other than Internet Explorer until a patch becomes available" — an option that many large firms cannot seriously consider.
"We needed a patch yesterday"
Graham Ingram, GM AusCERT
The zero-day flaw, first reported last Thursday and later admitted by Microsoft to affect all versions of Internet Explorer, has prompted AusCERT to advise Australian organisations to "consider" using an alternative browser, such as Opera, Mozilla Firefox, Google Chrome or Safari.
"What we've said is quite specific in our advisory — we've said that users should consider using an alternative browser — if that is possible," AusCERT's general manager Graham Ingram told ZDNet.com.au today.
AusCERT was cautious in its advice to use an alternative browser because it was aware that many large organisations' desktops are "locked down", that is, configured so that only approved applications can run. In many such environments Internet Explorer is the only browser on the approved list, so switching means packaging, testing and approving a second browser before anyone can use it.
"There are a lot of companies that lock down [their computer] environment," said Ingram.
AusCERT nevertheless went ahead with the advice because of how central the web browser has become on the modern desktop.
"There are a number of ways to mitigate this, but the browser is one of the most fundamental pieces of software on the modern workstation," said Ingram.
"Having an unpatched browser is a massive problem. A zero-day unpatched IE is something that is not trivial and we needed a patch yesterday," Ingram stressed.
Other possible strategies included the drastic measure of turning off all web browsing, or creating a whitelist of websites that administrators considered safe from attacks using this specific exploit. Organisations should also update their antivirus software, he said.
"But with the rise of legitimate sites being compromised there's no assurance that even safe sites haven't been compromised," he said.
Microsoft admits it has detected several hundred exploits for this vulnerability; so far, however, the sites taking advantage of the flaw appear to be hosted on Chinese domains.
As of yesterday, Microsoft could not say when a patch would be released. The next scheduled Patch Tuesday is 13 January.
"IE is so widely spread and has so many platforms within it, developing a patch would be a Herculean task," Ingram added.