IE Vulnerability Leads to Temporary German Boycott - The UpStream

IE Vulnerability Leads to Temporary German Boycott

posted Sunday Jan 17, 2010 by Nicholas DiMeo

IE Vulnerability Leads to Temporary German Boycott

Coming off the heels of the possible Chinese government attacks on 20 major companies, the German Federal Office for Security in Information Technology, BSI, has urged the country to immediately switch from Internet Explorer to a different browser. Users would be advised to switch back only after Microsoft has released a patch for an information leak and vulnerability found in the browser that is still popular, but rapidly losing marketshare.

The reports from Google and McAfee have specified a critical flaw in every version of IE that would allow culprits to "perform reconnaissance and gain complete control over the compromised system." Microsoft has quickly responded, stating they are working on an update. However, even in protected mode potential hackers could still exploit the systems, albeit much more difficult.

I know most of our readers aren't fluent in German, so here is the statement from their website, translated via Google:

BSI recommends the temporary use of alternative browsers

Bonn, 15.01.2010.

In Internet Explorer, there is a critical yet unknown vulnerability. The vulnerability allows attackers to inject malicious code via a specially crafted Web page into a Windows computer to infiltrate and set up. The last week became known hacker attack on Google and other U.S. companies has probably exploited the vulnerability.

Affected are the versions 6, 7 a.m. to 8 p.m. Internet Explorer on Windows systems XP, Vista and Windows 7 Microsoft has released a security advisory in which it discusses ways of minimizing risk and is already working on a patch to close the security gap. The BSI expects that this vulnerability will be used in a short time for attacks on the Internet.

Running the Internet Explorer in "protected mode" as well as disabling scripting Acitve Although more difficult to attack, but it can not completely prevented. Therefore, the BSI recommends to switch to the existence of a patch from Microsoft to an alternative browser.

Once the vulnerability has been closed, the BSI will provide information on its warning and information about public-CERT. Keep informed about the civic-CERT and the BSI warns citizens and small and medium enterprises from viruses, worms and vulnerabilities in computer applications. The expert analysis of the BSI around the clock, the security situation in the Internet and send alerts when action is needed and safety information via e-mail.

Advertisement

What You're Saying

Be the first to comment!

Advertisement
We're live now - Join us!
PLuGHiTZ Keyz

Email

Password

Forgot password? Recover here.
Not a member? Register now.
Blog Meets Brand Stats