US government officials are warning computer users to utilize alternative methods to Microsoft’s Internet Explorer when they access the internet. The web browser has a security flaw, which has allowed hackers to launch attacks and gain access to personal computers. The warning came from a department within the US Home Office, United States Computer Emergence Readiness Team (US-CERT), who issued an advisory notice about IE over the weekend.
The browsers affected are versions 6 to 11, where vulnerability in the software is said to be weakening the security settings. With estimations of between 15 and 25 percent of all global users operating Microsoft IE, the repercussions of hackers gaining control of people’s computers could pose a real problem.
The security flaw emerged after Microsoft stopped providing updates for Windows XP earlier this year, leaving XP vulnerable to attacks. Any PC’s still using the 13 year old system are now unprotected to hackers, who are exploiting the security flaw. Microsoft stated that they are working to protect their customers, either with a security patch or a one off update. The problem does not only affect personal users, but large corporations, including parts of the NHS.
Simon Townsend, chief technologist of Europe at AppSense said: “Such organisations could be impacted by further exploits to this vulnerability as malware creators take further advantage of this security hole which will remain open,” he added: “By using an unsupported platform, organisations are taking a very real risk in terms of data security, as highlighted by this exploit, and need to either move off XP or strictly control user rights and application usage.”
For the moment, Microsoft is advising users to switch to another web browser, while they try to fix the security problem. The gap in security has already led to a professional hacking group launching a sophisticated attack called ‘Operation Clandestine Fox.’ FireEye, an internet security company described the hackers as ‘extremely proficient at lateral movement’ and ‘difficult to track.’ Spokesperson for the company, Vitor De Souza stated: “It’s a campaign of targeted attacks seemingly against U.S.-based firms, currently tied to defense and financial sectors. It’s unclear what the motives of this attack group are, at this point. It appears to be broad-spectrum intel gathering.”
Other hacking groups are now rushing to learn more about the security flaw, before a security patch becomes available, so time is of the essence. In the meantime, users of Windows XP are being advised to upgrade to any of Microsoft’s most recently launched operating systems, such as Windows 7 or 8.