Every Version Of Internet Explorer Has Same Security Flaw

By Jim Finkle

BOSTON -- The U.S. Department of Homeland Security advised computer users to consider using alternatives to Microsoft's Internet Explorer browser until the company fixes a security flaw that hackers have used to launch attacks.

The bug is the first high-profile security flaw to emerge since Microsoft (MSFT) stopped providing security updates for Windows XP earlier this month. That means PCs running the 13-year old operating system could remain unprotected against hackers seeking to exploit the newly uncovered flaw, even after Microsoft figures out how to defend against it.

The United States Computer Emergency Readiness Team, a part of Homeland Security known as US-CERT, said in an advisory released Monday that the vulnerability in versions 6 to 11 of Internet Explorer could lead to "the complete compromise" of an affected system.

"We are currently unaware of a practical solution to this problem," Carnegie Mellon's Software Engineering Institute warned in a separate advisory, that US-CERT linked to in its warning.

Versions 6 to 11 of Internet Explorer dominate desktop browsing, accounting for 55 percent of the PC browser market, according to tech research firm NetMarketShare. Google's (GOOG) Chrome and Mozilla's Firefox account for the majority of the rest of the traffic.

News of the vulnerability surfaced over the weekend as Microsoft said its programmers were rushing to fix the problem as quickly as possible. Cybersecurity software maker FireEye Inc warned that a sophisticated group of hackers have been exploiting the bug in a campaign dubbed "Operation Clandestine Fox."

FireEye (FEYE), whose Mandiant division helps companies respond to cyber attacks, declined to name specific victims or identify the group of hackers, saying that an investigation into the matter is still active.

"It's a campaign of targeted attacks seemingly against U.S.-based firms, currently tied to defense and financial sectors," FireEye spokesman Vitor De Souza said Sunday. "It's unclear what the motives of this attack group are, at this point. It appears to be broad-spectrum intel gathering."

In addition to possibly switching to an alternative web browser, US-CERT advised businesses to consider using a free Microsoft security tool known as EMET, or the Enhanced Mitigation Experience Toolkit, to thwart potential attacks. Security experts say EMET is helpful in staving off attacks, but businesses are sometimes reluctant to use it because it can cause systems to crash due to incompatibility with some software programs.

Increase your money and finance knowledge from home

Basics of Diversification

Learn one of the fundamental concepts of building a portfolio.

View Course »

Managing your Portfolio

Keeping your portfolio and financial life fit!

View Course »

Add a Comment

*0 / 3000 Character Maximum

10 Comments

Filter by:
alfredschrader

I was building logic circuits while Bill Gates was still in school.
Hacking is a criminal act even if the NSA does it. And criminals are the bad guys, and bad guys are, well, bad.

April 28 2014 at 3:01 PM Report abuse +1 rate up rate down Reply
bruceh2

Why is anyone still surprised when anything happens to MICROSOFT products. The last four letters in their name says it all. It's like building a house, leaving all the windows and doors open and unlocked, then wondering how someone got in.

April 28 2014 at 2:01 PM Report abuse rate up rate down Reply
wlh1923

Have pretty much always used other browsers (firefox). I will very occasionally sign on with it if there is a rare news item video I want to see that is otherwise blocked by my other browser. Otherwise there is no reason to use it.

April 28 2014 at 12:09 PM Report abuse +2 rate up rate down Reply
martrnbsn

China? Russia? NSA?
We don't who is stealing from us anymore.

April 28 2014 at 10:27 AM Report abuse +3 rate up rate down Reply
toddpugz

I thought everyone already knew this!

April 28 2014 at 9:58 AM Report abuse +2 rate up rate down Reply
gordbzz231

Still using Internet Explore ?

April 28 2014 at 9:51 AM Report abuse +1 rate up rate down Reply
jimjab

Maybe our government should pay Microsoft to support XP. This could be considered a national security risk. Take the money from foreign aid.

April 28 2014 at 8:34 AM Report abuse +7 rate up rate down Reply
jeql120nb4mje

Makes one wonder if Microsoft knew about this all along and did nothing to fix it before they stopped supporting XP...Windows 8 sucks. 8.1 sucks. XP was the best operating, most flexable OS ever. Microsoft sucks.

April 28 2014 at 8:18 AM Report abuse +10 rate up rate down Reply
savannahswithgod

I wonder when will someone gets through the automatic updates with a virus and shuts the net down. I've lost my stuff twice to viruses.

April 28 2014 at 8:04 AM Report abuse +3 rate up rate down Reply
seaguypnp

Some businesses use it exclusively because other browsers will not work with proprietary systems or sites.

April 28 2014 at 7:35 AM Report abuse +2 rate up rate down Reply