By Daniel Emery, Technology Reporter, BBC News
The German government has warned web users to find an alternative browser to Internet Explorer to protect security.
The warning from the Federal Office for Information Security comes after Microsoft admitted IE was the weak link in recent attacks on Google's systems.
Microsoft says the security hole can be shut by setting the browser's security zone to "high", although this limits functionality and blocks many websites.
However, German authorities say that even this would not make IE fully safe.
Speaking to BBC News, Graham Cluley of anti-virus firm Sophos said the warning applied to versions 6, 7 and 8 of the browser.
"This is a vulnerability that was announced in the last couple of days. Microsoft have no patch yet and the implication is that this is the same one that exploited on the attacks on Google earlier this week," he said.
"The way to exploit this flaw has now appeared on the internet, so it is quite possible that everyone is now going to have a go."
Microsoft traditionally release a security update once a month - the next scheduled patch is the 9th of February. However, a spokesman for Microsoft told BBC News that developers for the firm were trying to fix the problem.
"We are working on an update on this issue and this may well be involve an out of cycle security update," he said.
Fix development
However, this is no easy task. Not only have the firm got to fix the loophole, but they have to ensure it does not create another one and - equally importantly - works on all computers. This is a challenge compounded by the fact they have to fix three different versions of its browser.
Microsoft said that while all versions of Internet Explorer were affected, the risk was lower with more recent releases of its browser.
The other problem facing developers is that the possible risk might not be prevented by anti-virus software, even when recently updated.
"We've been working to analyse the malware that the Chinese are using. But new versions can always be created," said Mr Cluley.
"We've been working with Microsoft to see if the damage can be mitigated and we are hoping that they will release an emergency patch.
"One thing that should be stressed is that every browser has its security issues, so switching may remove this current risk but could expose you to another."
Related Articles:
No comments:
Post a Comment