Internet Explorer safe to use again after zero-day patch, Germany decides

The German Federal Office for Information Security is reversing its stance on Internet Explorer, after Microsoft released an update that plugs the recently discovered security hole.
Written by Moritz Jaeger, Contributor

Germany's Federal Office for Information Security (BSI), the agency that looks after IT security for the country's federal government, has given the all clear on using Internet Explorer.

Early last week, the agency advised Germany's computer users to ditch IE after researchers discovered a zero-day vulnerability in IE6 to 9. If exploited, the flaw gave an attacker system access with the privileges of the currently logged-in user.

Germany's Federal Office for Information Security has rescinded a warning not to use Internet Explorer.

However, after Microsoft released an out-of-band-patch for Internet Explorer on Friday, the BSI rescinded its recommendation not to use the browser. After installing the patch, and with the rest of the system up to date, users and companies should be safe to use IE as long as they take the usual security precautions, it said.

"We do not decide which software the end user runs on his system," a BSI spokesman told ZDNet. "However, we issue recommendations or warnings — it's up to the user to decide which product he wants use. When Microsoft released a patch, we released a related statement the same evening. We also broadcast the information over services like our Bürger-CERT."

While it might be easy for users to temporarily move to another browser, such a wholesale switch could present more of a problem for companies and organisations that rely on a strictly defined IT environment. The BSI advocates enterprises not put all their eggs in one browser basket: "Our recommendation is to implement a two-browser-strategy," the spokesman added. Businesses also have the option of using the Enhanced Mitigation Experience Toolkit to protect against security vulnerabilities, but it "is probably too complicated for a home user".

The BSI often talks with tech companies and kept up to date with Microsoft during the whole patch issue. "We communicate on a professional level," the spokesman added.

Editorial standards