Even the U.S. and UK Governments say stop using Internet Explorer

By Alexandra Burlacu | Apr 29, 2014 06:54 AM EDT

Share This Story

  • Print
  • Email


Microsoft has issued a warning regarding a recently-discovered zero-day flaw in Internet Explorer, and even the U.S. and UK governments advise consumers to stop using the browser.

Follow us

This severe vulnerability is the first one to be discovered after Microsoft put its old Windows XP to bed, and affects all versions of the software starting with Internet Explorer 6. This means that all subsequent versions - IE7, IE8, IE9, IE10, and IE11 - are affected as well, not just IE 6. If exploited, the vulnerability could allow for the remote execution of code, posing serious risks.

"The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated," Microsoft explains. "The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer."

In light of these findings, the United States Computer Emergency Readiness Team - US-CERT and its UK counterpart - UK-CERT - have issued warnings themselves to advise users at risk.

"US-CERT is aware of active exploitation of a use-after-free vulnerability in Microsoft Internet Explorer. This vulnerability affects IE versions 6 through 11 and could allow unauthorized remote code execution," reads a warning. "US-CERT recommends that users and administrators review Microsoft Security Advisory 2963983 for mitigation actions and workarounds. Those who cannot follow Microsoft's recommendations, such as Windows XP users, may consider employing an alternate browser."

According to Microsoft, however, the vulnerability is not that easy to exploit. In order to exploit it via the web, an attacker would need to set up a specially designed website containing code, and would also have to convince people to access the website. Even so, the company still strongly recommends that all users run an enabled firewall, apply all available software updates, and install reliable and efficient anti-malware software to protect their machines.

While it is highly advisable to use an alternate browser, those who still want to use Internet Explorer can at least reduce the risk by taking some precautionary measures. For instance, Internet Explorer in Windows Server versions 2003, 2008, 2008 R2, 2012, and 2012 R2, runs in a restricted mode by default. This Enhanced Security Configuration can significantly reduce the risk of exposure to the flaw. Similarly, Microsoft Outlook, Outlook Express, and Windows Mail also minimize the risk by opening HTML email messages in the Restricted sites zone.

As far as actually solving the issue goes, currently there is no fix available. Microsoft said that a solution may arrive either via its monthly security update release, or through an out-of-cycle security update. The company has yet to provide a date for when a patch will become available to solve the issue.

As expected, Windows XP users will not receive any patch to fix this vulnerability, as Microsoft has ended all support for the old OS earlier this month. For other versions of Windows, use an alternate browser until Microsoft issues a patch. 


Get the Most Popular Mobile&Apps Stories in a Weekly Newsletter

Microsoft, Internet Explorer, IE, US-CERT, UK-CERT

Join Our Conversation

The HTC logo is seen with different devices from the brand HTC M10 Perfume Launching A Month Later After MWC 2016
Lava Unleashes New P7 Device Into The Indian Market
New Disney Phone Coming To Japan
Xiaomi Locks Redmi Note 3, Mi 4c And Mi Note Pro; Others To Follow Suit?
Tablet / Laptop / PC
Dell Venue 7 and Venue 8 Dell unveils Venue 7 and Venue 8 Android 4.3 Jelly Bean tablets
Retina iPad Mini facing delays, may not launch until early next year
Refurbished 128GB iPad with Retina Display now available on the Apple Online Store
Samsung Galaxy Note 10.1 – 2014 Edition: Pricing and availability now official
Amazon Logo Amazon reportedly to launch ‘Firetube’ set-top box before 2013 holidays
Samsung Galaxy Note 3 and Galaxy Gear India launch: Pricing and availability
Samsung Galaxy Gear Android smartwatch now up for pre-order in Canada
Samsung Galaxy Gear 2 reportedly in the works already, may debut at CES or MWC 2014
OS / Software
HTC Logo HTC reportedly considering Android/Windows Phone dual-booting smartphone as Microsoft pushes for deeper Windows mobile integration
iOS 7 Chrome Incognito mode leaks private searches due to bug
Sprint HTC One Android 4.3 Jelly Bean already rolling out, AT&T, T-Mobile & Verizon to follow
Microsoft Windows 8.1 now available for pre-order
Internet / Social Media
Google Downtime Google blacks out for two minutes, causes 40 percent drop in world’s Internet traffic
Xbox Music web player is live and ready for Xbox Music Pass subscribers
Facebook Android app collected phone numbers even if users never logged in
Firefox 22 brings support for web video calls, 3D gaming, and Unreal Engine 3
What's App
ZTE's new lease program ZTE’s new Lease-to-own Program for Mobile Devices
LG’s G Pay to Take on Google, Samsung and Apple
Facebook: Taxes in the UK and a new Shopping tab
Samsung’s VR Headset to be Released at $99, Hulu Jumps Onboard with Apps Ready

Most Popular

© 2016 IBT Media Inc. All Rights Reserved.mobilenapps