Coming on the heels of the possible Chinese government attacks on 20 major companies, the German Federal Office for Security in Information Technology, BSI, has urged the country to immediately switch from Internet Explorer to a different browser. Users would be advised to switch back only after Microsoft has released a patch for an information leak and vulnerability found in the browser, which is still popular but rapidly losing market share.
The reports from Google and McAfee have specified a critical flaw in every version of IE that would allow attackers to "perform reconnaissance and gain complete control over the compromised system." Microsoft has quickly responded, stating they are working on an update. However, even in protected mode, potential hackers could still exploit the systems, albeit with much more difficulty.
I know most of our readers aren't fluent in German, so here is the statement from their website, translated via Google:
BSI recommends the temporary use of alternative browsers
In Internet Explorer, there is a critical, as yet unknown vulnerability. The vulnerability allows attackers to inject malicious code into a Windows computer via a specially crafted Web page and set it up. The hacker attack on Google and other U.S. companies that became known last week has probably exploited the vulnerability.
Affected are versions 6, 7 and 8 of Internet Explorer on the Windows systems XP, Vista and Windows 7. Microsoft has released a security advisory in which it discusses ways of minimizing risk and is already working on a patch to close the security gap. The BSI expects that this vulnerability will be used in a short time for attacks on the Internet.
Running Internet Explorer in "protected mode" as well as disabling Active Scripting makes attacks more difficult, but cannot completely prevent them. Therefore, the BSI recommends switching to an alternative browser until a patch from Microsoft exists.
Once the vulnerability has been closed, the BSI will provide information on its warning and information about public-CERT. Through the civic-CERT, the BSI informs and warns citizens and small and medium enterprises about viruses, worms and vulnerabilities in computer applications. The experts of the BSI analyze the security situation on the Internet around the clock and send alerts and safety information via e-mail when action is needed.