Homeland Security: Don't use IE due to bug

Homeland Security: Don't use IE due to bug

Credit: Microsoft

Homeland Security: Don't use IE due to bug

Print
Email
|

by Elizabeth Weise, USA TODAY

KING5.com

Posted on April 28, 2014 at 11:11 AM

SAN FRANCISCO – The U.S. Department of Homeland Security is advising Americans not to use the Internet Explorer Web browser until a fix is found for a serious security flaw that came to light over the weekend.

The bug was announced on Saturday by FireEye Research Labs, an Internet security software company based in Milpitas, Calif.

"We are currently unaware of a practical solution to this problem," the Department of Homeland Security's United States Computer Emergency Readiness Team said in a post Monday morning.

It recommended that users and administrators "consider employing an alternative Web browser until an official update is available."

Because the hack uses a corrupted Adobe Flash file to attack the victim's computer, users can avoid it by turning off Adobe Flash.

"The attack will not work without Adobe Flash," FireEye said. "Disabling the Flash plugin within IE will prevent the exploit from functioning."

FireEye said that the hackers exploiting the bug are calling their campaign "Operational Clandestine Fox."

Microsoft confirmed Saturday that it is working to fix the code that allows Internet Explorer versions six through 11 to be exploited by the vulnerability. As of Monday morning, no fix had been posted.

About 55 percent of PC computers run one of those versions of Internet Explorer, according to the technology research firm NetMarketShare.

The bug works by using Adobe Flash to attack a computers memory.

The victim is lured to a website that contains a Flash file that corrupts the victim's computer's memory. This allows the attacker to run a program within Internet Explorer that allows the attacker to take over the victim's computer.

Computer users who are running the Windows XP operating system are out of luck. Microsoft discontinued support of the system on April 8.

Print
Email
|