Microsoft Urges Users to Patch Internet Explorer Flaw
Microsoft is urging users of its Internet Explorer Web browser to download a temporary patch to prevent hackers from possibly taking control of their PCs.
The company posted a security advisory late in the day Sept. 17 advising users to download the Enhanced Mitigation Experience Toolkit (EMET) if their browser is Internet Explorer versions 6 through 9. IE 10, which will be included in the coming Windows 8 operating system, is not affected. Microsoft provides step-by-step instructions on how to download the tool and deploy it.
However, a Reuters news report quotes some computer security experts as saying that the patch might be too difficult for the average computer user to configure and that an easier alternative is to simply download another browser such as Google Chrome, Mozilla Firefox or Opera Software's Opera browser.
A researcher in Luxembourg discovered the flaw Sept. 14 when his PC was infected by a piece of malicious software known as "Poison Ivy" that hackers use to steal data or take remote control of PCs, Reuters reported.
The threat is described as a "zero-day vulnerability," which is computer-speak for a vulnerability that was previously unknown. If a user with a vulnerable browser visits a Website and clicks on a link, malicious code could be downloaded onto their computer.
"We have received reports of only a small number of targeted attacks and are working to develop a security update to address this issue," read a blog post by Yunsun Wee, director of Microsoft's Trustworthy Computing Group. Wee described the EMET as a "workaround" that will protect a user's computer until a more permanent fix is developed.
Besides deploying EMET, Microsoft also advises users to set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones. These settings can be found in the control panel of the Windows XP, Vista or 7 operating systems. However, it notes that while taking that step will help prevent exploitation, it may affect usability. Microsoft, therefore, says that trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
The most recent Microsoft Patch Tuesday, the once-a-month announcement of the latest security updates, was Sept. 11.
Internet Explorer is the most used Web browser with a 53.9 percent share of the market globally, according to NetApplications.com.
Microsoft took the opportunity to remind consumers of the steps they should always take when accessing the Internet on their computers: enable a firewall, apply all software updates and install antivirus and anti-spyware software.