The U.S. Department of Homeland Security recommends not using Internet Explorer as your web browser because it is currently vulnerable to hackers.
Microsoft confirmed over the weekend that the security flaw affects the Internet Explorer Web browser versions 6 through 11, but the attack is targeting 9 through 11.
FireEye Research Labs, an Internet security software company based in Milpitas, California, immediately alerted Microsoft when they first discovered the security breach. “We are currently unaware of a practical solution to this problem,” said the engineers in a post Monday morning.
The glitch allows hackers to exploit flaws and attack a computers memory using Adobe Flash. Therefore, FireEye noted, “The attack will not work without Adobe Flash. Disabling the Flash plugin within IE will prevent the exploit from functioning.”
The hackers exploiting the bug are calling their campaign “Operational Clandestine Fox.”
“It’s a campaign of targeted attacks seemingly against U.S.-based firms, currently tied to defense and financial sectors,” said FireEye spokesman Vitor De Souza on Sunday. “It’s unclear what the motives of this attack group are, at this point. It appears to be broad-spectrum Intel gathering.”
The United States Computer Emergency Readiness Team released this statement on Monday, April 28th:
“US-CERT is aware of active exploitation of a use-after-free vulnerability in Microsoft Internet Explorer. This vulnerability affects IE versions 6 through 11 and could allow unauthorized remote code execution.
US-CERT recommends that users and administrators review Microsoft Security Advisory 2963983 for mitigation actions and workarounds. Those who cannot follow Microsoft’s recommendations, such as Windows XP users, may consider employing an alternate browser.
For more details, please see VU#222929.”
According to the technology research firm NetMarketShare, about 55% of PC computer run one these versions of Internet Explorer, and about 25% run either IE9 or IE10.
The best course of action is to disable your Adobe Flash and use alternate web browsers, such as Google Chrome or Mozilla FireFox, until an official update is available.
For more suggested solutions, visit Microsoft Security Advisory 2963983.