Microsoft warns on IE security flaw

2012-09-18 08:25
Microsoft has urged IE users to download a security patch. (Steven Senne, AP)

Microsoft has urged IE users to download a security patch. (Steven Senne, AP)

Multimedia   ·   User Galleries   ·   News in Pictures Send us your pictures  ·  Send us your stories

kalahari.com

Boston - Microsoft warned a newly discovered bug in its Internet Explorer web browser makes PCs vulnerable to attack by hackers and urged customers to download a piece of security software to mitigate the risk of infection.

The security flaw affects hundreds of millions of Internet Explorer browser users. Microsoft said attackers can exploit the bug to infect the PC of somebody who visits a malicious website and then take control of the victim's computer.

The software maker advised customers on its website late on Monday to install the security software as an interim measure, buying it time to fix the bug and release a new, more secure version of Internet Explorer. The company did not say how long that will take, but several security researchers said they expect the update within a week.

The free security tool, which is known as the Enhanced Mitigation Experience Toolkit, or Emet, is available through an advisory on Microsoft's website.

The Emet software must be downloaded, installed and then manually configured to protect computers from the newly discovered threat, according to the posting from Microsoft. The company also advised customers to adjust several Windows security settings to thwart potential attackers, but cautioned that doing so might impact the PC's usability.

Cumbersome

Some security experts said it would be too cumbersome for many PC users to implement the measures suggested by Microsoft. Instead, they advised Windows users to temporarily switch from Internet Explorer to rival browsers such as Google's Chrome, Mozilla's Firefox or Opera Software ASA's Opera .

"For consumers it might be easier to simply click on Chrome," said Dave Marcus, director of advanced research and threat intelligence with Intel Corp's McAfee security division.

Marc Maiffret, chief technology officer of the security firm BeyondTrust, said it may not be feasible for some businesses to install Microsoft's Emet tool on their PCs.

He said the security software has in some cases proven to be incompatible with existing programs already running on networks.

Tod Beardsley, an engineering manager with the security firm Rapid7, said that at first blush it appeared that the Emet may not be particularly effective in thwarting potential attacks.

Microsoft officials declined to comment on the scepticism that those security experts expressed about the effectiveness of the Emet software.

Eric Romang, a researcher in Luxembourg, discovered the flaw in Internet Explorer on Friday, when his PC was infected by a piece of malicious software known as Poison Ivy that hackers use to steal data or take remote control of PCs.

Unknown bug

When he analysed the infection, he learned that Poison Ivy had exploited a previously unknown bug on his system, or "zero-day" vulnerability, in Internet Explorer.

"Any time you see a zero-day like this, it is concerning," said Liam O Murchu, a research manager with anti-virus software maker Symantec. "There are no patches available. It is very difficult for people to protect themselves."

Zero-day vulnerabilities are rare, mostly because they are hard to identify - requiring highly skilled software engineers or hackers with lots of time to scrutinise code for holes that can be exploited to launch attacks. Security experts only disclosed discovery of eight major zero-day vulnerabilities in all of 2011, according to Symantec.

Symantec and other major anti-virus software makers have already updated their products to protect customers against the newly discovered bug in Internet Explorer. Yet, O Murchu said that may not be sufficient to ward off adversaries.

"The danger with these types of attacks is that they will mutate and the attackers will find a way to evade the defences we have in place," he said.

Internet Explorer was the world's second-most widely used browser in August, with about 33% market share, according to StatCounter. It was close behind Chrome, which had 34% of the market.

Read more on:    microsoft  |  internet  |  cyber crime
NEXT ON NEWS24X

Read News24’s Comments Policy

24.com publishes all comments posted on articles provided that they adhere to our Comments Policy. Should you wish to report a comment for editorial review, please do so by clicking the 'Report Comment' button to the right of each comment.

Comment on this story
15 comments
Add your comment
Comment 0 characters remaining
 

Inside News24

 
 

DA wants to empower fishing communities - Zille

DA leader Helen Zille says the party has a plan for harbours and small-scale fishing communities.

 
 

Latest elections multimedia

Why Jack Parow wants you to vote on 7 May
The ad the SABC doesn't want to air
Elections 2014 in one cartoon
This year's election posters
 
Traffic
Lottery
 
  • Friday Somerset West - 08:57 AM
    Road name: N2 Outbound
    DELAYS through Somerset West due to high volumes
  • Thursday Sir Lowry's Pass - 05:35 AM
    Road name: Old Sir Lowrys Pass Road
    TRAFFIC LIGHTS not working at Bezweni Road
 
More traffic reports...
 

Jobs in Cape Town [change area]

Property [change area]

Travel - Look, Book, Go!

Escape winter, head to Mauritius

Escape winter by spending 7 nights in Mauritius' tropical bliss from R13 215 per person sharing. Includes return flights, airport transfers and accommodation. Book now!

Kalahari.com - shop online today

Get many eggs in one basket!

Gaming bundles: 2 Super Hits games for R99, 3 Disney games for R99 and more + exclusive accessory bundles only available on kalahari.com. While stocks last. Shop now!

25% off bestselling books!

The Real Meal Revolution by Tim Noakes, Jeffrey Archer’s Be Careful What You Wish for, Man’s Search for Meaning by Victor E. Frank and many more titles. Shop now!

Up to 25% off electronics

Buy top electronics and save up to 25%. Such as kalahari.com’s 1# selling product the gobii eReader, Patriot X Porter flash drive, Asus Nexus 7” 3G tablet, Samsung Galaxy SIII, Lenovo G580 Notebook and many more. Shop now!

DStv HD PVR Decoder now R949

The DStv HD PVR Decoder has further revolutionised the television experience with lifelike viewing, sharper images, more vibrant colours and precision picture quality. Now R949, save R550. Offer valid while stocks last. Shop now!

Up to 30% off appliances & homeware

Save up to 30% on appliances and homeware this Easter! Offer valid while stocks last. Shop now.

OLX Free Classifieds [change area]

Samsung Galaxy s4

Mobile, Cell Phones in South Africa, Western Cape, Cape Town. Date October 24

Best bargain in big bay

Real Estate, Houses - Apartments for Sale in South Africa, Western Cape, Cape Town. Date October 25

VW Golf 6, 1.6 Trendline (Excellent condition)

Vehicles, Cars in South Africa, Western Cape, Cape Town. Date October 25

Nokia C3

The Nokia C3 Features a 2+ Megapixel Camera, A2DP, Bluetooth,...

From R1175.00

I'm shopping for:

Horoscopes
Aquarius
Aquarius

You may find yourself putting in that extra effort on looking good and making an impression. ...read more

There are new stories on the homepage. Click here to see them.
 
English
Afrikaans
isiZulu

Hello 

Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.


Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire 24.com network.

Settings

Location Settings

News24 allows you to edit the display of certain components based on a location. If you wish to personalise the page based on your preferences, please select a location for each component and click "Submit" in order for the changes to take affect.








Facebook Sign-In

Hi News addict,

Join the News24 Community to be involved in breaking the news.

Log in with Facebook to comment and personalise news, weather and listings.