Internet Explorer Open to Cyberattack

A security vulnerability has been running rampant in Microsoft Internet Explorer for nearly three weeks, leaving the hugely popular Web browser open to remote attack.

The flaw affects versions 6, 7 and 8 of Internet Explorer for Windows and Windows Vista, and could allow hackers to circumvent Microsoft’s traditional defenses and take control of a user’s system, according to Microsoft.

Microsoft issued a security advisory for the Internet Explorer flaw on Dec. 22, but said that “we are not aware of any affected customers or active attacks targeting customers.”

Internet Explorer’s problems began weeks before. The security firm Kaspersky Lab reported that a French information technology firm, Vupen, discovered the flaw on Dec. 9.

In its advisory, Microsoft wrote that the flaw does not warrant an out-of-band security update, but that the company is “monitoring the threat landscape very closely” and will let its users know “if the situation changes” on its Security Response blog, (www.microsoft.com/security/msrc). Microsoft's next monthly security update is scheduled for Jan. 11.

To avoid falling victim to the security bug, Microsoft urges users to enable all firewalls, and also to download its Enhanced Mitigation Experience Toolkit (EMET), a program that helps prevent vulnerabilities from being exploited.

• Security and Privacy Software Reviews
• Windows Data Recovery 2011
• Stealth Malware Steals and Imitates Social Behavior