Microsoft recognized and promised to fix a security flaw in its Internet Explorer browser yesterday. The company said that hackers can use this bug to exploit and take control of millions of machines and thus harm unsuspecting users if they visit a malicious website. Although a timeline has not been provided as to how soon will they be able to release a fix, but seeing the urgency of the situation, it is expected to do that soon in the coming week. The bug however affects users of Internet Explorer 6 to 9, while IE10 has not been mentioned in the list of those affected. According to NBCNews, the loophole was recognized when a security researcher’s machine got infected when he was analyzing a computer server used to launch a cyber industrial espionage campaign on at least 48 chemical and defense companies. While the security flaw is being fixed, Microsoft has released an advisory and has suggested users to use
Enhanced Mitigation Experience Toolkit (EMET) as a workaround that is available on its website. The advisory also suggests users to keep all third party and Microsoft software updated while ensuring that the firewall is functioning properly. This is what the company had to say in its statement about the issue:
“There have been an extremely limited number of attacks—the vast majority of Internet Explorer users have not been impacted. We are working on an easy-to-use, one-click fix that will be released in the next few days.”
These developments have even prompted the German government to encourage people to use other browsers for the time being until the security issue is fixed, since most users might be unwilling to go through and configure the lengthy and complex workarounds suggested by Microsoft.
