Microsoft issues a warning about a newly discovered zero-day flaw in Internet Explorer.
The US government has released an advisory warning Microsoft users to avoid using Internet Explorer until security vulnerabilities are fixed.
The advisory was sent out after security researchers detected bugs in Internet Explorer versions 6 to 11, which they claim could allow hackers to take complete control of a user's computer.
The Computer Emergency Readiness Team (CERT) of the US Department of Homeland Security said Microsoft Internet Explorer contains a use-after-free vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
It has recommended that users and administrators review Microsoft Security Advisory (2963983) to fix the bugs, while users who cannot fix the bugs, including Windows XP users, should switch to other browsers.
Other advisories have also been issued by the UK National Computer Emergency Response Team, which advised users to switch to browsers like Google Chrome and Mozilla Firefox, and make sure that anti-virus software is updated.
Since Microsoft will not be issuing any patch for Windows XP, following the end of support for the 13-year-old OS on 8 April 2014, users have been advised to download Microsoft's Enhanced Mitigation Experience Toolkit (EMET) 4.1, the advisory added.
Last week, security firm FireEye Research Labs identified a zero-day exploit in Internet Explorer, which it claimed was being used in targeted attacks.
According to the security firm, the vulnerability affects IE6 through IE11, but the attack is targeting IE9 through IE11.
The vulnerability bypasses both ASLR and DEP, and the researchers claim that hackers are exploiting it in an ongoing campaign under "Operation Clandestine Fox."
Security firm Symantec suggests that users who are not opting for the Enhanced Mitigation Experience Toolkit can consider mitigating the issue by unregistering a DLL file named VGX.DLL.
"This file provides support for VML (Vector Markup Language) in the browser. This is not required by the majority of users. However, by unregistering the library, any application that uses the DLL may no longer function properly," it added.