Governments urge Internet Explorer users to switch browsers until fix found

Governments urge Internet Explorer users to switch browsers until fix found

Summary: Switch to Chrome or Firefox until Microsoft fixes the security flaw affecting all versions of Internet Explorer.

SHARE:

Government security response teams are urging Windows users to consider Chrome or Firefox as their default browser until Microsoft delivers a security fix for a new flaw affecting all versions of Internet Explorer.

Computer emergency response teams (CERTs) in the US, the UK, and Sweden have advised Windows users to consider avoiding Internet Explorer until Microsoft fixes the vulnerability.

Microsoft over the weekend confirmed the flaw was being exploited in "limited, targeted attacks", which use a rigged Flash file hosted on attack websites to net victims. Attackers that successfully exploit the flaw affecting IE 6 to IE 11 could gain the same user rights as the original user, according to Microsoft.

The company has yet to announce whether it will release an out of band patch or wait until the next Patch Tuesday, scheduled for 13 May, to deliver a fix. It will also be the first patch update from Microsoft that excludes Windows XP, which still runs on around 29 percent of the world's PCs.

Microsoft has outlined a number of ways to mitigate the attacks, including by deploying its EMET (Enhanced Mitigation Experience Toolkit) version 4.1 or activating Enhanced Protected Mode available in IE 10 or IE 11 — a feature that isn't available in earlier versions of the browser. Security vendor FireEye, which first reported the flaw, also noted that the attacks currently rely on Flash to work, so it's advised users to disable the Flash plugin in IE.

However, given Microsoft's end of support for XP, US CERT is encouraging those that cannot follow Microsoft's recommendations to "consider employing an alternate browser".

Sweden's and the UK's CERTs have also provided similar advice.

"Users should also consider using alternative browsers, such as Google Chrome and Mozilla Firefox; and ensure that their antivirus software is current and regularly updated," CERT-UK said in its advisory.

One option XP users have to mitigate the threat is by unregistering the VGX.DLL file, according to security firm Sophos

Read more on Internet Explorer

Topics: Security, Browser, EU, United Kingdom

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

115 comments
Log in or register to join the discussion
  • Dump the NSA mine shaft

    NSA is setting fire to the internet.Trust in the net is waning.This is where freedom is won or lost.The net needs to go to Global control not just USA influence.As past history has proven that's a losing proposition.Peace to all.
    Earthmanz
    • Don't Worry

      By next year the DOC contract with ICANN will expire in 2015...So Russia, China maybe Iran will be able to get hold of it Yipppeee, we can all relax, no more internet problems, no more free speech on the internet either, but what the hay, that's already vanishing anyway....So don't worry...
      Ricardus
    • Dump the idiot press

      If there was such a thing as "global control" you might have an idea, sort of...;) The only thing "burned" so far are the brains of the silly people who credit Snowden with a lick of sense, and believe everything they read without question.
      waltc3
      • Dump The Idiot Press

        Snowden' revelations unfortunately for you my deluded friend have been proved to be true. A security Agency out of control with not answerable to anyone is a threat to democracy. When thee government no longer trusts the electorate the governments days are numbered.
        bobmattfran
        • Are you kidding right?

          Sometimes I wonder how naive someone can be. After reading your comment, VERY. Snowden is a traitor, a piece of shit. Thats all. "A security Agency out of control"? Every government on this planet will do anything to safeguard that government. They will spy and they will kill their own citizens. This is not a US only thing. Either you buy your own little island and make your own rules(then it will be you spying and killing your citizens). Is it wrong? Of course. Can you do better? Of course NOT. No government can be trusted. But please, dont make it sound like the US is evil and everyone else are saints. Just accept that simple fact.
          ilovepie
          • Exactly

            No government can be trusted. The founding fathers knew that. So that reality is baked into the Constitution. Look at all of the things that document says our government *can't* do. Including a lot of things the NSA did. Do all governments do these kinds of things? Yes, including this one. Yes, it's wrong. So is saying people are being naive for not just accepting it.

            Who said other governments were saintly? But our government is breaking the fundamental laws of *our* land, regardless of how they try to justify it. And that is *criminal*. People should be gong to jail. No, I'm not expecting that to happen.

            You call what Snowden did treason. Perhaps in a legal sense it is. Except we have whistle blower laws for a reason. No one should ultimately be above the Constitution. What he did, for whatever his real reasons were (I don't know and neither do you), he exposed criminal activity against us by the people who are supposed to protect us from criminals. There may be issues as to how he did it, but really, what options did he have?

            For someone who so cavalierly casts aside the principles of this nation, I have a question. You say he's a traitor — looked in the mirror lately?
            mdsock@...
      • Ha! So smart guy, what did we read that we beleived without question?

        I don't want to jump to too big a conclusion, but waltc3's comments sound like they could easily be based on some ludicrous assertion.

        Like, for instance, Snowden telling lies. Im afraid that boat has sailed and the U.S. government wants to put him in jail, not for lying but for telling the truth.
        Cayble
    • Actually, trust in the internet should never have been given.

      All claims of security and trust are more marketing than reality, when it comes to software. Systems that do operations too complex for the human to comprehend, are themselves too complex to comprehend. Break the system into comprehensible pieces, and you'll STILL have trouble, when those pieces are stitched together. Bugs, and intentionally inserted (NSA, are you reading this?) exploit holes should pretty much be a given.
      D. W. Bierbaum
  • It's just a Microsoft product

    Nothing new about this, MS has not been known for the safety of it's browser. I haven't used IE for years and in my company it's is not allowed to have IE as default browser.
    It's also to much integrated in to the OS. No-good product in my view but could possibly be fixed...who knows.
    Aleks58
    • It is an adobe flash hack, not an IE problem.

      It is an adobe flash hack, not an IE problem ( http://www.us-cert.gov/ncas/current-activity/2014/04/28/Adobe-Releases-Security-Updates-Flash-Player ). And it is not the first Flash hack, but it might be the fastest they have ever fixed a bug in their code. Flash is so bad that Apple refused to allow it on their computers. Be safe, block Flash.

      Also update your Chrome to include security patches to prevent hacks: http://www.us-cert.gov/ncas/current-activity/2014/04/25/Google-Releases-Updates-Chrome

      And if you have not done so, update your firefox with security patches to prevent hacks: https://www.us-cert.gov/ncas/current-activity/2014/03/18/Mozilla-Releases-Updates-Firefox-Thunderbird-and-Seamonkey

      People who believe that IE is bad and everything else is good are a major cause of security problems.
      rwgreene
      • Based off of what?

        If it's a flash problem why is M$ telling a different story. It affects IE 6 - 11.... sounds like OLD code to me. No browser is secure. Period. But IE has historically been the worst.
        baylors
        • it is a flash problem

          did some research and it is in fact a flash problem just follow links on rwgreene and you can see for yourself. Also went to gov page and they are NOT recommending people not use IE the simply offer alternatives if people are uncomfortable with the media hype around IE whoever wrote this article didn't do their research.
          rbs2842
          • It's a Flash problem ...

            ... but Microsoft is fixing it and it doesn't affect other browsers. Interesting.
            davidr69
          • Yes...

            Microsoft is fixing it because IE is Microsoft's browser--just like Mozilla and Google patch their own respective browser security holes--and Microsoft doesn't. Lots of things that affect Firefox and Chrome don't affect IE, and vice-versa.
            waltc3
          • Two issues

            There are two issues being exploited, one is a flash problem which adobe has fixed. The second one has to do with flash but it is how IE interacts with it, so it is an IE issue. Two zero day exploits.
            schultzycom
          • Flash is used

            Flash is used to exploit the problem in IE. There may be a problem in Flash related to this but specific problem is in IE. But the reports also indicate this is not a problem with other browsers. Also, the indications are this exploit could be attacked by other malware but Flash is more likely to be available.
            Linux_Lurker
      • "People who believe that IE is bad and everything else is good are a major

        problem"

        How can you justify that? Are you simply trying to stir up trouble, delusional, or a paid Microsoft shill?
        chrome_slinky@...
        • Anyone that thinks that there are no problems

          with some software are deluding themselves, and others. Every software has bugs, and as has been shown in various hacking competitions, everything is vulnerable.

          So yes, anyone claiming something is immune to issues and will always be good is a problem.
          grayknight
        • From your name, maybe you're the shill here

          His point was that folks should trust nobody. The point is valid that the other browsers are just as bad if not worse. There are likely lots of security holes in all the browsers. They are discovered every year at security conferences. And, as I recall, IE11 does quite well in security and particularly well at privacy protection. Privacy is one area that Google Chrome is terrible. IE11 is the only browser that supports Tracking Protection Lists to block websites from accessing tracking cookies. Google will likely never protect privacy like this because they need to track people to support their advertising-based business model. Only fools think Chrome is really free. Your privacy is the cost of using Chrome.

          Pretty ridiculous how you jump to accusing someone of being "delusional, or a paid Microsoft shill". Sounds to me like you're the shill by questioning such easily justified statements.
          valkyrie-mt
        • So speaks the paid Google shill

          I mean, I can't see why you would criticizes him because he disagrees, unless the pay is good.
          William.Farrel