Microsoft Issues Advisory to Users: Major Security Flaw on Internet Explorer
By Ma Evelyn Castino Quilas | April 29, 2014 11:19 PM EST
Microsoft issued an advisory to all users using Internet Explorer (IE) versions 6 to 11 of a major security flaw on the browser. The advisory dated April 26, 2014 seriously warned consumers on the vulnerability of remote code execution wherein computer hackers could obtain access to the user's computer and operate it remotely.
People using Internet Explorer 7, 8 or 9 on Windows Vista, XP or 7 are vulnerable to a new security threat.
The software giant rushed to fix the problem and promised to roll out the fix for users immediately after attack in some US companies have been reported. With over 50% of the users using IE versions as their browsers, the impact to customers could be quite large.
The Redmond-based company listed the mitigating factors of this major security flaw on a dedicated webpage. Among the factors mentioned are computers running on a restricted mode called Enhanced Security Configuration or web-based attack when users clicking on a link in an email message.
The advisory also mentioned to include solutions by providing monthly security update release process or out-of-cycle security update depending on the needs of the users.
However, with Microsoft's official termination of its support on computers still running on the adolescent OS Windows XP, the advisory brought about more concerns for users cannot anymore receive security updates or bug fixes.
According to security firms, Windows XP is still running in around 15 to 25 percent of the computers across the world to the affected users is quite significant.
Internet Security company Symantec, also issued a statement on this case. The company's blog stated: "Our testing confirmed that the vulnerability crashes Internet Explorer on Windows XP. This will be the first zero-day vulnerability that will not be patched for Windows XP users."
US-Cert issued a guidance statement to all users and administrators using the affected IE versions to review the Microsoft advisory for possible actions or using alternative browsers in the meantime.
The Cybersecurity software maker FireEye Inc. whose mandate is to help companies respond to cyber attacks also gave the same advice as the US-Cert to use alternative browser while the investigation is on-going.
In a report from Huffington Post, FireEye spokesman Vitor De Souza stated: ""It's unclear what the motives of this attack group are, at this point. It appears to be broad-spectrum intel gathering."
So for billons of people all over the globe who access the internet, best use Mozilla Firefox, Google Chrome, Safari, or other browsers in the meantime.
To contact the editor, e-mail: