U.S. Tells Users To Stop Using Internet Explorer For Now
http://www.npr.org/blogs/thetwo-way/2014/04/28/307763583/u-s-tells-users-to-stop-using-internet-explorer-for-now
by Eyder Peralta
April 28, 2014
The Department of Homeland Security is warning Americans to stop using the Web browser Internet Explorer because it has a bug that could allow hackers to install malicious software without the user knowing it.
The vulnerability, the United States Emergency Readiness team says, has already been exploited in the wild. Essentially, all a user has to do to become a victim is view a "specially crafted HTML document," which means a Web page or even a rich email or attachment.
"We are currently unaware of a practical solution to this problem," CERT said.
USA Today reports that users can avoid the bug by using another browser for now, or by disabling Adobe Flash.
The paper adds:
"Microsoft confirmed Saturday that it is working to fix the code that allows Internet Explorer versions six through 11 to be exploited by the vulnerability. As of Monday morning, no fix had been posted.
"About 55% of PC computers run one of those versions of Internet Explorer, according to the technology research firm NetMarketShare.
"The bug works by using Adobe Flash to attack a computer's memory."
Krebs on Security, a blog that specializes in these types of stories, reports another way around the bug is to run Internet Explorer in "Enhanced Protected Mode" and "64-bit process mode, which is available for IE10 and IE11 in the Internet Options settings as shown in this graphic.
Vulnerability Note VU#222929 - Microsoft Internet Explorer use-after-free vulnerability
Microsoft Warns of Attacks on IE Zero-Day — Krebs on Security
Homeland Security: Don't use IE due to bug