Archive for January, 2010

Germany urging “temporary use of alternative browsers” due to Critical security hole in Internet Explorer

Monday, January 18th, 2010

Browser exploits are becoming quite common, and they should all be taken seriously, especially when a country’s Federal Office for Information Technology Security puts out a security bulletin urging its citizens to use a different web browser, as is the case in Germany.

The Babelfish German-to-English translated page is here.

Microsoft’s advisory is at http://www.microsoft.com/technet/security/advisory/979352.mspx. Although its first paragraph mentions reported attacks against Internet Explorer 6, it goes on to say that … “Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are vulnerable.”

Internet Explorer 8 has Data Execution Prevention (DEP) enabled by default on Windows XP Service Pack 3, Windows Vista Service Pack 1, Windows Vista Service Pack 2, and Windows 7, which makes the browser on these platforms less susceptible to these attacks. The attacks require nothing more than visiting a compromised web page. Browsers running in Protected Mode or Enhanced Security Configuration are also less susceptible.

Microsoft is still investigating and will hopefully provide a security update to address this issue.

UPDATE: France is now also recommending the same thing to its citizens. Here is the Babelfish French-to-English translation of the French bulletin.