Internet Explorer safe to use again after zero-day patch, Germany decides

Summary: The German Federal Office for Information Security is reversing its stance on Internet Explorer, after Microsoft released an update that plugs the recently discovered security hole.


Germany's Federal Office for Information Security (BSI), the agency that looks after IT security for the country's federal government, has given the all clear on using Internet Explorer.

Early last week, the agency advised Germany's computer users to ditch IE after researchers discovered a zero-day vulnerability in IE6 to 9. If exploited, the flaw gave an attacker system access with the privileges of the currently logged-in user.

However, after Microsoft released an out-of-band patch for Internet Explorer on Friday, the BSI rescinded its recommendation not to use the browser. After installing the patch, and with the rest of the system up to date, users and companies should be safe to use IE as long as they take the usual security precautions, it said.

"We do not decide which software the end user runs on his system," a BSI spokesman told ZDNet. "However, we issue recommendations or warnings — it's up to the user to decide which product he wants to use. When Microsoft released a patch, we released a related statement the same evening. We also broadcast the information over services like our Bürger-CERT."

While it might be easy for users to temporarily move to another browser, such a wholesale switch could present more of a problem for companies and organisations that rely on a strictly defined IT environment. The BSI advocates enterprises not put all their eggs in one browser basket: "Our recommendation is to implement a two-browser-strategy," the spokesman added. Businesses also have the option of using the Enhanced Mitigation Experience Toolkit to protect against security vulnerabilities, but it "is probably too complicated for a home user".

The BSI often talks with tech companies and kept up to date with Microsoft during the whole patch issue. "We communicate on a professional level," the spokesman added.

Moritz Jaeger

About Moritz Jaeger

Moritz is a Munich-based IT-journalist with more than eight years of experience as an author under his belt.

  • Security

    doesn't start and end with the browser but is all encompassing from browser to desktop to network to user education and IT governance. Although not putting all eggs in one basket is sound advice, running multiple browsers also increases the attack footprint especially if not managed properly or lacking centralised management tools.
    • Not sure multiple browsers a solution?

      Seems to me a multi browser approach just adds to the security overhead for a company. Now they have to monitor multi browser risks and not just one. If you were reading up on this issue, Microsoft issued a temporary fix right away that served to limit any issues. I think Microsoft was able to handle it well and we have yet to hear about any significant infections.
      • "Microsoft was able to handle it well"

        Whaa?? Who chose not to release a timely Flash update for IE 10 for W8, thereby putting their users at risk unnecessarily? Only to backtrack thereafter and produce a quick fix, due to subsequent criticism?

        Then they opt to hoist EMET on the masses as a suitable end-around for this latest browser vulnerability, something probably deployed by like 2% of their online user base due to its configuration requirement. Hellooo.

        All's well that ends well, sure, but what a roundabout and convoluted way to get there.
  • EMET is a viable option for business and home users

    Too complicated for a home user to use EMET? I have it installed on 3 physical PCs and 4 VMs at home. It causes me no problems at all and it is very easy to configure. I have it routinely configured for all of my internet facing and potentially at risk programs. The list on all PCs contains almost 100 processes protected by EMET.

    EMET is great to leave enabled since it provides some (but not total) protection against such Zero day flaws. I also think that a 2 browser strategy is a good idea as long as you keep both browsers fully patched.

    I have used EMET since v2.0.0.3 and it works easily and provides reassuring protection, v3.0 and the preview of v3.5 are even better. I have used EMET with Windows XP, Windows Vista, Windows 7 and the Release Preview of Windows 8.

    • Home user

      Hi JimboC421, I don't think that you are a home user as the BSI defines it.
      Not with 7 installations up and running :)
      Moritz Jaeger
      • Good point

        That's true I never thought of it like that! Hahaha.
  • Internet Explorer safe to use again after zero-day patch, Germany decides

    Microsoft Internet Explorer has always been safe to use especially if you know how to use its built in tools for a problem free browsing experience. There was no reason for Germany to claim differently considering the very minimal impact the vulnerability had and could only be used when you visited a rogue site.
    Loverock Davidson-
    • Mr. Davidson-

      1. Internet Explorer has not always been safe to use. Especially, when there are IE exploits in-the-wild and patches have not been made available to users by Microsoft.
      2. Most Windows users don't know how to use IE's built-in tools to reduce their attack surface while browsing.
      3. There are no trusted sites on the Internet.
      4. It's sad that the German government is the only one that provides public warning to its citizens when popular software is deemed unsafe to use.
      Rabid Howler Monkey
      • Must agree with fake Loverock

        IE is pretty safe when you don't use it to access the Internet.
        • With that same logic, computers are safer to use if you leave them turned

          off and completely disconnected from the internet.

          In fact, the safest computing experience for any user, is to not get one at all.

          Good logic; same as yours above.
          • Not quite

            It becomes a fallacious argument when you employ the terms "use" and "user" in the kind of context you chose, neither of which would be established, and therefore valid.

            [i.e. you can't "use" a computer if it is turned off, and a "user" can't have any kind of "computing experience" if one doesn't have a computer to begin with].

            IE, OTOH, is a fixed (established) component in Windows that can be optionally turned off or ignored.
          • You're technically correct, but, the points I made are factually correct,

            since, someone can buy a computer, and never use it, and it could be used for "show" or as decoration. ;)

            But, to correct for technicalities, perhaps the term to use should be "owner(s)" instead of "user(s)".

            However, I'm pretty sure you understood my points without corrections, and in reference and context to the poster to whom I was replying, my logic and post, is a good rebuttal to what he/she posted. So, technically, you made no salient point, nor a rebuttal to my comments. Nice try, though.
          • Now you just got to work on your logic

            That may prove to be tougher, if your last reply is any indication.
          • Logic is beyond your capabilities, so, why should I bother to explain

            anything to you.

            I tried to teach my dog how to read the paper out loud to me, but, he failed, because, he didn't have the smarts to understand what I was asking him to do, nor the capabilities to do so. You remind me of my dog. Now, I realize that trying to teach a dog to read is beyond his capabilities to begin with, but, so is trying to get you to understand logic. ;)
      • Let's see who takes up the challenge

        of arguing against those basic bullet points.
        • Those points are mostly irrelevant, and superfluous, since, for the most

          part, and for what people use a browser for, they're not concerned about the technicalities within a browser, nor with its secure/insecure nature. Most people have come to "trust" the browser and OS designers and developers, and for the most part, they haven't done so badly.

          Errors and bugs and fixes are part of the nature of software, and, there hasn't been, nor will there ever be, a perfect piece of software. Therefore, the points made, are immaterial.
          • I should have known it'd be you

            to take up the challenge. Next I'll spot you on a leaky boat with a pail, singing its praises. ;)
          • Of course it had to be me, since, I can't let the illogical go without a


            Try using some more common sense, and you might escape my challenges.
  • Internet Explorer safe to use again after zero-day patch

    not in a 100 years will it be safe
    • For the most part, it's safe now, and nobody will have to wait 100 years,

      except for you. Safe is a relative term, and, you'd have to apply the same concept of safe to all software and even to hardware. So, go wait in an isolated island somewhere, where nobody will care or notice how you'll be wasting 100 years of your life, if you live that long.