U.S. Advises Avoiding Internet Explorer Until Bug Fixed
UPDATE: The U.S. Department of Homeland Security advised computer
users to consider using alternatives to Microsoft Corp’s Internet
Explorer browser until the company fixes a security flaw that hackers
have used to launch attacks. The United States Computer Emergence Readiness Team said in an
advisory released on Monday morning that the vulnerability in versions 6
to 11 of Internet Explorer “could lead to the complete compromise of an
affected system.”
April 27, 2014
Reuters - Microsoft is rushing to fix a bug in its widely used
Internet Explorer Web browser after a computer security firm disclosed a
flaw over the weekend, saying hackers have already exploited it in
attacks on some U.S. companies.
PCs running Windows XP will not
receive any updates fixing that bug when they are released, however,
because Microsoft stopped supporting the 13-year-old operating system
earlier this month. Security firms estimate that between 15 and 25
percent of the world’s PCs still run Windows XP.
Microsoft disclosed on Saturday
its plans to fix the bug in an advisory to its customers posted on its
security website, which it said is present in Internet Explorer versions
6 to 11. Those versions dominate desktop browsing, accounting for 55
percent of the PC browser market, according to tech research firm
NetMarketShare.
Cybersecurity software maker
FireEye said that a sophisticated group of hackers have been exploiting
the bug in a campaign dubbed “Operation Clandestine Fox.”
FireEye, whose Mandiant division
helps companies respond to cyber attacks, declined to name specific
victims or to identify the group of hackers, saying that an
investigation into the matter is still active.
“It’s a campaign of targeted
attacks seemingly against U.S.-based firms, currently tied to defense
and financial sectors,” FireEye spokesman Vitor De Souza said via email.
“It’s unclear what the motives of this attack group are, at this point.
It appears to be broad-spectrum intel gathering.”
He declined to elaborate, though he said one way to protect against them would be to switch to another browser.
Microsoft said in the advisory
that the vulnerability could allow a hacker to take complete control of
an affected system, and then do things such as viewing, changing, or
deleting data; installing malicious programs; or creating accounts that
would give hackers full user rights.
FireEye and Microsoft have not
provided much information about the security flaw or the approach that
hackers could use to figure out how to exploit it, said Aviv Raff, chief
technology officer of cybersecurity firm Seculert.
Yet other groups of hackers are
now racing to learn more about it so they can launch similar attacks
before Microsoft prepares a security update, Raff said.
“Microsoft should move fast,” he said. “This will snowball.”
Still, he cautioned that Windows XP users will not benefit from that
update since Microsoft has just halted support for that product.
The software maker said in a
statement to Reuters that it advises Windows XP owners to upgrade to one
of two most recently versions of its operating system, Windows 7 or 8.
Editor's Note: I recommend you download the free internet browser
Mozilla Firefox.
No comments:
Post a Comment