Security vulnerability: Federal office warns against Internet Explorer

Affected are computers running Internet Explorer versions 7 or 8 under the Microsoft Windows XP operating system, as well as versions 8 and 9 under Microsoft Windows 7, the BSI explained on Monday evening.

A Microsoft spokesman, speaking to the dpa news agency on Tuesday, stressed that the recently discovered security hole is not currently being exploited on a massive scale, but only in a few targeted attacks. "We hardly see any activity in the field." His company is working at full speed to close the security gap.

According to Microsoft, the newer Internet Explorer 10 is not affected by the vulnerability. However, many internet users traditionally still run earlier software versions. In a blog entry, Microsoft explained how experts can secure the computer in the meantime by changing settings and installing the software component EMET (Enhanced Mitigation Experience Toolkit). An upcoming "patch" to fix the software bug will also be installable by non-technical users.

The BSI pointed out that for a successful attack, it is sufficient to lure the internet user to a prepared web page. Merely viewing this website could be enough for the vulnerability to be exploited to execute arbitrary software code on the computer with the user's rights. This allows the attackers not only to spy on the computer, but also to execute arbitrary programs. In addition, the PC could be hijacked for attacks on other computers.

The security gap was previously unknown and is already being exploited in targeted attacks. "The BSI therefore recommends that all users of Internet Explorer use an alternative browser for internet use until the manufacturer has made a security update available," the BSI statement read.

The first indications of the vulnerability and the attacks emerged over the weekend. According to IT security experts, trojans were loaded onto the computers during the attacks, malware that acts unnoticed by the user.
