DHS warns against using Internet Explorer until bug is patched

The Department of Homeland Security's US-CERT division advises using an alternative web browser until an official IE update is available.

A vulnerability discovered in Internet Explorer over the weekend is serious--serious enough that the Department of Homeland Security is advising users to stop using it until it's been patched.

On Monday, the United States Computer Emergency Readiness Team (US-CERT), part of the U.S. Department of Homeland Security, weighed in. 

"US-CERT is aware of active exploitation of a use-after-free vulnerability in Microsoft Internet Explorer," it said in a bulletin. "This vulnerability affects IE versions 6 through 11 and could lead to the complete compromise of an affected system.

"US-CERT recommends that users and administrators enable Microsoft EMET where possible and consider employing an alternative web browser until an official update is available." Enhanced Mitigation Experience Toolkit (EMET) is a Microsoft utility that helps prevent vulnerabilities in software from being successfully exploited, and can be downloaded here. It supports every Microsoft operating system from Windows 7 on up.

Microsoft has yet to decide whether it will issue an emergency patch in the coming days or wait for Patch Tuesday on May 13 to repair supported versions of IE.

The new remote code execution vulnerability, dubbed CVE-2014-1776, has the potential to give hackers the same user rights as the current user. That means a successful attacker who infects a PC running as administrator would have a wide variety of attacks open to them, such as installing more malware on the system, creating new user accounts, and changing or deleting data stored on the target PC.

Windows XP is especially vulnerable, given that Microsoft discontinued support for the OS earlier this month.

Additional reporting by Ian Paul.
