Internet Explorer bug fix: Users advised to avoid Microsoft browser until official patch issued
'Operation Clandestine Fox' exploits IE flaw.
In an advisory released April 28, the U.S. Department of Homeland Security advised Microsoft customers to avoid Internet Explorer (IE), or employ a temporary fix until the browser's security is restored.
The United States Computer Emergency Readiness Team, or US-CERT, stated that IE versions 6 to 11 are compromised, and recommended that IE users either enable Microsoft security tool EMET, or download a different internet browsing software.
IE's security flaw was discovered on April 26 by security software manufacturer FireEye Research Labs. FireEye found that there is an ongoing campaign, dubbed "Operation Clandestine Fox," to exploit IE and Adobe Flash flaws to bypass Windows' security and access a server's memory.
FireEye spokesman Vitor De Souza stated that the hackers have specific objectives.
"It's a campaign of targeted attacks seemingly against U.S.-based firms, currently tied to defense and financial sectors," De Souza told Reuters.
"It's unclear what the motives of this attack group are, at this point. It appears to be broad-spectrum intel gathering."
Although IE versions 6 to 11 have the flaw, FireEye found that only versions 9 to 11 are being attacked. About 55% of PCs run Internet Explorer, and 26% run versions 9 to 11.
Until a patch is available, there are a few ways IE users can protect themselves.
Free Microsoft security tool EMET will help block hackers from accessing a computer system. Experts warn that EMET may cause systems to crash, however, due to program incompatibilities.
Also, IE users can disable Adobe Flash.
"The attack will not work without Adobe Flash," FireEye told Forbes Magazine.
"Disabling the Flash plugin within IE will prevent the exploit from functioning."
Microsoft issued several other workarounds on April 26, including setting security zone settings to "High," disabling Active Scripting, and enabling Enhanced Protected Mode.
Users can also switch to a different internet browser until a patch is available.