Even the U.S. and UK Governments say stop using Internet Explorer

By Alexandra Burlacu | Apr 29, 2014 06:54 AM EDT

Share This Story

  • Print
  • Email

 

Microsoft has issued a warning regarding a recently-discovered zero-day flaw in Internet Explorer, and even the U.S. and UK governments advise consumers to stop using the browser.

Follow us

This severe vulnerability is the first one to be discovered after Microsoft put its old Windows XP to bed, and affects all versions of the software starting with Internet Explorer 6. This means that all subsequent versions - IE7, IE8, IE9, IE10, and IE11 - are affected as well, not just IE 6. If exploited, the vulnerability could allow for the remote execution of code, posing serious risks.

"The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated," Microsoft explains. "The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer."

In light of these findings, the United States Computer Emergency Readiness Team - US-CERT and its UK counterpart - UK-CERT - have issued warnings themselves to advise users at risk.

"US-CERT is aware of active exploitation of a use-after-free vulnerability in Microsoft Internet Explorer. This vulnerability affects IE versions 6 through 11 and could allow unauthorized remote code execution," reads a warning. "US-CERT recommends that users and administrators review Microsoft Security Advisory 2963983 for mitigation actions and workarounds. Those who cannot follow Microsoft's recommendations, such as Windows XP users, may consider employing an alternate browser."

According to Microsoft, however, the vulnerability is not that easy to exploit. In order to exploit it via the web, an attacker would need to set up a specially designed website containing code, and would also have to convince people to access the website. Even so, the company still strongly recommends that all users run an enabled firewall, apply all available software updates, and install reliable and efficient anti-malware software to protect their machines.

While it is highly advisable to use an alternate browser, those who still want to use Internet Explorer can at least reduce the risk by taking some precautionary measures. For instance, Internet Explorer in Windows Server versions 2003, 2008, 2008 R2, 2012, and 2012 R2, runs in a restricted mode by default. This Enhanced Security Configuration can significantly reduce the risk of exposure to the flaw. Similarly, Microsoft Outlook, Outlook Express, and Windows Mail also minimize the risk by opening HTML email messages in the Restricted sites zone.

As far as actually solving the issue goes, currently there is no fix available. Microsoft said that a solution may arrive either via its monthly security update release, or through an out-of-cycle security update. The company has yet to provide a date for when a patch will become available to solve the issue.

As expected, Windows XP users will not receive any patch to fix this vulnerability, as Microsoft has ended all support for the old OS earlier this month. For other versions of Windows, use an alternate browser until Microsoft issues a patch. 

 

Get the Most Popular Mobile&Apps Stories in a Weekly Newsletter

© 2014 Mobile & Apps All rights reserved. Do not reproduce without permission.

Featured Video : Intel Pocket Avatars

Join Our Conversation

Smartphones
iPad Air 2 leaked imagesApple to add gold color option to 2014 full-size iPad, launch expected this month
Microsoft Windows 10 officially unveiled – Here’s the deal
Samsung Galaxy Note 4 gap is a ‘necessary manufacturing feature,’ not a defect
iPad Air 2 and iPad Mini 3 to boast Touch ID, Apple Pay
Tablet / Laptop / PC
Dell Venue 7 and Venue 8Dell unveils Venue 7 and Venue 8 Android 4.3 Jelly Bean tablets
Retina iPad Mini facing delays, may not launch until early next year
Refurbished 128GB iPad with Retina Display now available on the Apple Online Store
Samsung Galaxy Note 10.1 – 2014 Edition: Pricing and availability now official
Gadgets
Amazon LogoAmazon reportedly to launch ‘Firetube’ set-top box before 2013 holidays
Samsung Galaxy Note 3 and Galaxy Gear India launch: Pricing and availability
Samsung Galaxy Gear Android smartwatch now up for pre-order in Canada
Samsung Galaxy Gear 2 reportedly in the works already, may debut at CES or MWC 2014
OS / Software
HTC LogoHTC reportedly considering Android/Windows Phone dual-booting smartphone as Microsoft pushes for deeper Windows mobile integration
iOS 7 Chrome Incognito mode leaks private searches due to bug
Sprint HTC One Android 4.3 Jelly Bean already rolling out, AT&T, T-Mobile & Verizon to follow
Microsoft Windows 8.1 now available for pre-order
Internet / Social Media
Google DowntimeGoogle blacks out for two minutes, causes 40 percent drop in world’s Internet traffic
Xbox Music web player is live and ready for Xbox Music Pass subscribers
Facebook Android app collected phone numbers even if users never logged in
Firefox 22 brings support for web video calls, 3D gaming, and Unreal Engine 3
What's App
Vine update brings new camera experienceVine gets major update, lets you upload previously-shot videos & more (VIDEO)
BlackBerry Messenger (BBM) finally hits Windows Phone – Available as a free download now
Instagram releases Bolt ephemeral messaging app in select markets to challenge Snapchat
PayPal for iOS update brings loyalty card support, other features and enhancements
Copyright © 2014 Mobile & Apps All rights reserved. mobilenapps
Real Time Analytics