1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites
Live TV
Latest audioLatest videos
In focus
UkraineEurovisionIsrael-Hamas war

Internet Explorer at risk

September 18, 2012

The government's Internet security body has advised consumers to temporarily avoid a product altogether. The unusual step follows the identification of a severe security shortfall in Microsoft's Internet Explorer.

https://p.dw.com/p/16B2g
A photo illustration shows a computer screen with the Internet Explorer logo (dpa)
Image: picture-alliance/dpa

The Federal Office for Information Security (BSI) warned people to steer clear of Internet Explorer until the "zero-day" vulnerability - so called because it was identified and exploited by hackers before the producer Microsoft was aware of it - was comprehensively cured.

"A security update from the producer is currently not available. Therefore, the BSI advises all Internet Explorer customers to use an alternative browser to surf the Internet, until the producer has released a security update," the BSI said in a statement on Tuesday.

The weakness allows hackers to take control of computers by luring users to a specially prepared website able to exploit the flaw. Eric Romang, a researcher in Luxembourg, discovered the flaw on Friday, when his PC was infected by a piece of malicious software called Poison Ivy. Such malware is typically used by hackers either to steal personal data or to take remote control of a computer.

The BSI noted in its statement that the "attack code is freely available on the Internet, meaning that a swift, widespread exploitation is probable."

Microsoft suggests temporary fix

The computers affected are those running Internet Explorer 8 and 9 with the Windows 7 operating system, or Explorer 7 or 8 using Windows XP. Microsoft said its latest browser Explorer 10 was not affected.

Microsoft has advised customers to upload a freely available piece of security software called the Enhanced Mitigation Experience Toolkit, available on the company's website. Microsoft said the product must be downloaded, installed and then manually configured to protect computers from the new threat - with the company also advising people to change several Windows security settings to reduce the risk of infection.

Microsoft acknowledged, however, that such changes could have an impact on the usability of computers - prompting some security experts to suggest an alternative solution.

"For consumers it might be easier to simply click on Chrome," Dave Marcus, director of advanced research and threat intelligence with Intel Corp's McAfee security division told Reuters, referring to Google's browser - the narrow market leader over Explorer. Other popular alternatives include Mozilla's Firefox, Opera Software ASA's Opera and Apple's Safari.

Germany's Bonn-based BSI said in its statement that it was in contact with Microsoft and would issue an all-clear to consumers once the problem had been fixed.

msh/mkg (dpa, Reuters)

Skip next section Explore more

Explore more

A smartphone lies unattended on grass - a symbol for cyber insecurity

Cyber crooks get smart on smartphones

Cyber crooks get smart on smartphones

A Norton report says one in 10 people have experienced a cyber attack on a smartphone. It's made DW's Naomi Conrad worried about mobile banking as she goes on a journey in cyber insecurity. (18.09.2012)
September 18, 2012