AUSTRALIAN, UNITED STATES and UK computer emergency response team (CERT) security outfits have warned users to avoid Internet Explorer (IE) until Microsoft manages to fix its latest problem.
Microsoft has already told its users to take care, but has not yet released a patch. The vulnerability affects almost all IE versions, and the CERTs said that internet users would be wise to use alternative web browsers.
According to an alert from the Australian Government's Stay Smart Online, users are better off downloading a different browser such as Google Chrome or Mozilla Firefox until the issue is resolved, rather than following the more complicated Microsoft workaround.
"Microsoft has issued a security advisory warning about a critical vulnerability affecting all versions of Internet Explorer. The vulnerability is known to be targeted by cyber criminals. You should take action to ensure you will not be affected," the guidance note reads.
"The vulnerability could be exploited if an attacker can gain access to your computer, or if you visit a malicious website using one of the affected versions of Internet Explorer."
The notification from the US CERT was short and to the point. It suggested that users who are not adept at tackling security threats had best choose Chrome or Firefox.
"US-CERT is aware of active exploitation of a use-after-free vulnerability in Microsoft Internet Explorer. This vulnerability affects IE versions 6 through 11 and could allow unauthorized remote code execution," it said.
"US-CERT recommends that users and administrators review Microsoft Security Advisory 2963983 for mitigation actions and workarounds. Those who cannot follow Microsoft's recommendations, such as Windows XP users, may consider employing an alternate browser."
The UK CERT added that anyone who uses Windows XP is particularly at risk, and recommended that users move off the unsupported operating system as well as away from IE.
"Its significance is likely to be that, even once patched, users of Windows XP will be at risk because on current plans no patch would be issued for that version of the operating system following its end of life. As the first such vulnerability to appear, this one is likely to receive a greater than normal level of interest," it advised.
"Users should also consider using alternative browsers, such as Google Chrome and Mozilla Firefox; and ensure that their antivirus software is current and regularly updated. In the longer term, our advice remains (as per alerts issued during March and April 2014) that where possible users and enterprises should implement a controlled migration from Windows XP to later versions of the operating system." µ