German Government: Don’t use Internet Explorer
January 18, 2010 by admin
Filed under Security News
772 views 7 Comments
The German government has advised computer users not to run Internet Explorer and run an alternative browser instead, because of a critical zero-day security flaw.
The advice, which came in the form of an official statement from the German Federal Office for Security in Information Technology (known as the Bundesamt für Sicherheit in der Informationstechnik or BSI) says that the as yet unpatched vulnerability is likely to be the same one blamed for hacker attacks on Google and other US companies last week.
The BSI advisory claims that although Microsoft’s advice to run Internet Explorer in ‘protected mode’ and disable Active Scripting makes it more difficult for hackers to attack, it does not completely prevent them.
Here is a rough translation (courtesy of Google Translate) of the BSI statement:
Critical vulnerability in Internet Explorer
BSI recommends the temporary use of an alternative browser
Bonn, 15.01.2010.In Internet Explorer there exists a critical yet unknown vulnerability. The vulnerability allows attackers to inject malicious code via a specially crafted webpage into a Windows computer, in order to infiltrate and control computers. The past week has become known in the Hacker Attack on Google and other U.S. companies has probably exploited the vulnerability.
Affected are the versions 6, 7, and 8 of Internet Explorer on Windows XP, Vista and Windows 7. Microsoft has published a security advisory, in which it discusses ways of minimizing risk and is already working on a patch for the security hole. The BSI expects that this vulnerability will be used in a short time for attacks on the Internet.
Although running Internet Explorer in "protected mode" as well as disabling Acitve Scripting does make it more difficult to attack, it can not completely prevented. Therefore, the BSI recommends that users switch to an alternative browser while waiting for Microsoft's patch.
Once the vulnerability has been closed, the BSI on its warning and information service MayorCERT also informed. Keep informed about the civic-CERT and the BSI warns citizens and small and medium enterprises from viruses, worms and vulnerabilities in computer applications. The expert analysis of the BSI around the clock, the security situation in the Internet and send alerts when action is needed and safety information via E-mail.
The vulnerability means that a hacker could send you a message, perhaps pretending to be from a colleague or friend, and – if you clicked on a link in that email – your vulnerable installation of Internet Explorer would visit a malicious webpage infecting your Windows PC with a Trojan horse.
At that point the hackers could effectively grab control of your computer, with the potential of stealing company secrets, personal information or using it to spread spam or other attacks. The problem is that right now Microsoft doesn’t have a patch to fix their software.
Of course, the German government’s advice that internet users should switch to alternative browsers is unlikely to well received at Microsoft, and pressure is sure to grow on the company to release an “out-of-band” patch to resolve the security flaw as soon as possible.
With Google pointing the finger of blame for the attacks at China, it’s perhaps not surprising that the German government should be keen to ensure that its own computers (whether they be in government or industry) are not next in the firing line of hackers.
Alternative internet browsers such as Firefox, Safari and Opera have all suffered from security vulnerabilities in the past, of course.
You can read SophosLabs’s write-up on the Microsoft security flaw here, as well as further commentary by principal virus researcher Vanja Svajcer.
With all this talk about state-sponsored cyber-spying originating from China clearly spooking the German authorities, it’s perhaps a little ironic that the Germans themselves were accused of using the internet and malware to spy on another country a couple of years ago.
by Graham Cluley, Sophos
Related posts:
- German Government: Don’t use Firefox
- Microsoft to release emergency Internet Explorer patch on Tuesday
- Danger! Internet Explorer zero-day vulnerability – no patch yet
- Protecting against the Internet Explorer zero day vulnerability
- UK Government: We’re sticking with Internet Explorer 6
While it is true that Microsoft Operating systems are plagued with vulnerabilities, the fact is that most organizations, be they governments or private corporations, can effectively mitigate the risk associated with using Microsoft and the products used on them. Every organization must have in place a comprehensive program for application patching. For help setting one up see your IT Service provider.
“Alternative internet browsers such as Firefox, Safari and Opera have all suffered from security vulnerabilities in the past, of course.”
Though, I’m sure they’re more secure over all, right?
- Alan
German hate Microsoft, I think we can count on MS
“Alternative internet browsers such as Firefox, Safari and Opera have all suffered from security vulnerabilities in the past, of course.”
I would think they are more secure partly because IE is targeted the most.
Youre so cool! I dont suppose Ive read anything like this before. So good to find anyone with some unique ideas on this subject. realy thanks for starting this up. this website is one thing that is wanted on the net, someone with a little bit originality. useful job for bringing one thing new to the web!
Maybe is right that we germans hate MS. But the truth is we all sitll us it. And the german Goverment is no exception