Germany warns users to ditch Internet Explorer over security hole

Germany warns users to ditch Internet Explorer over security hole

Summary: The German government's information security agency has issued a warning recommending that users should stop using Microsoft’s Internet Explorer until the company releases an fix for a recently-discovered hole in the browser.

SHARE:
15

Germany's Federal Office for Information Security (BSI), the agency that looks after IT security for the country's federal government, is urging individuals and companies to stop using Internet Explorer.

The warning comes after the news that zero-day exploits are already in the wild for a security hole that affects Internet Explorer, versions 6 to 9. According to the BSI, it is more than likely that criminals will use these vulnerabilities to target users.

As there is no fix for the flaw currently available, the BSI is recommending users ditch IE until Microsoft releases a patch.

Microsoft announces fix for zero day vulnerability on Twitter
Microsoft announces the upcoming fix for the zero day vulnerability on Twitter

"The BSI recommends all users of Internet Explorer to use an alternative internet browser until the manufacturer has released a security update," it said in an advisory on the BSI site.

The BSI routinely issues warnings for currently active exploits. In the past, warnings have been issued against zero-day flaws in Java and several other issues in Internet Explorer.

The agency is already in contact with Microsoft and is pushing for a fix for the vulnerability, according to the advisory.

That update might not be too far away. In a blog published on Tuesday, Yunsun Wee, director of Microsoft's Trustworthy Computing Group, announced a one-click 'fix it' for the flaw will be released in the "next few days". Microsoft has also pointed users towards a free tool, the Enhanced Mitigation Experience Toolkit (EMET), which should prevent users falling victim to any exploits.

Microsoft has also set out a manual solution to the problem: the company recommends setting internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones. The workaround is detailed in Microsoft's corresponding Security Advisory for the flaw.

The vulnerability was found by security researcher Eric Romang last week while looking into recently discovered Java vulnerabilities. While analysing an earlier zero day, he found some interesting HTML code that led him to the discovery of the new vulnerability. Using the flaw in IE6 to 9, an attacker can remotely execute code with the same privileges as the current user. If this user has administrative rights, the attacker might be able to get complete control over the system. 

Topics: Security, Malware, Microsoft, EU

Moritz Jaeger

About Moritz Jaeger

Moritz is a Munich-based IT-journalist with more than eight years of experience as an author under his belt.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

15 comments
Log in or register to join the discussion
  • Germany warns users to ditch Internet Explorer over security hole

    Microsoft to Germany: Learn safe browsing practices along with the built in tools in IE to keep yourself safe.
    Loverock Davidson-
    • (German) safe browsing practices list

      1. Uninstall Microsoft Internet Explorer
      2. Install GNU/Linux formatting Genuine Microsoft Windows partition
      3. Say out loud "Windows kaput!"
      eulampius
      • So safe you can't run anything!

        Then when their economy collapses because their business apps won't run on your suggested solution they will wish they had stuck with IE and learned the basics of securing it.
        Loverock Davidson-
        • What are the basics to secure IE?

          You keep saying IE has basic tools to secure IE,
          where does a home user find these tools?
          RickLively
          • Inside IE

            They are easily accessible from IE's menus.
            Loverock Davidson-
          • Yea that will go over well with a consumer

            Mr/Mrs Consumer in Germany go look at menus, Loverock.

            Perfect example of why Germany is telling everyone not to use.
            RickLively
  • Enhanced Mitigation Experience Toolkit (EMET)

    downloaded it lastnight and super easy to install and configure but not obvious for the normal end user. For home users switching browsers until a patch is released is still the easy option. For the enterprise its a non-starter but IT should be able to deploy the tool company wide.
    Xenon8
  • Learned this long ago

    I have not used IE for several years, because of it's many security issues.
    spiris333@...
    • lol

      Internet Explorer, lol.
      Ådam Rinklëff
    • IE and security

      If you read the unbiased analysis, the tools in IE around ensuring safe browsing such as smart screen and tracking protection are market leading.... and every browser has security holes from time to time.

      A Fix-It (which is something that any consumer can use) mitigation for the issue is already out there at http://support.microsoft.com/kb/2757760

      and the patch is being made available tomorrow. So how much quicker could any of the browser products be fixed, given the need to test any such patch before it is issued?
      AndrewLMacaulay
  • RE: Germany warns users to ditch Internet Explorer

    Good going. I'll say it once and I'll say it again. IE is a virus (LOL) that comes with an OS (or should I say Windows in need of a good scrubbing and a anti-biotic) that's always infected by faulty MS updates.
    Werner Marais
  • No big deal...

    Germany does this whenever they discover a flaw in any browser... all broswers has holes. Patch and move on...
    anonymous
    • Where is the patch?

      “Patch and move on...”

      Waiting for patch.......waiting..
      RickLively
    • all browsers have

      holes, Microsoft Internet Explorer is a big hole
      eulampius
      • Technology holes

        No technology is perfect. It's just that some have bigger holes/attack surface area/vulnerabilities than others. And we have some freedom to choose which piece of technology to use--as a consumer. For the enterprise--it's another story. :)
        rdcabebox