IS Magazine Blog

Internet Explorer Browser Bug Calls For Caution

May 01 2014

Windows Internet Explorer 7 (Chalk Logo)

Windows Internet Explorer 7 (Chalk Logo) (Photo credit:jeffwilcox)

On Saturday, Microsoft announced a bug plaguing its popular Internet Explorer browser. The U.S. government, today, followed this announcement with an advisory warning individuals to avoid the use of this browser.

Microsoft reported that this bug might corrupt computer memory in such a way that an attacker would be able to execute code within Internet Explorer. If that isn't clear, it basically means that a hacker could possibly use your system to run any code they desire, simply by getting a user to go to a malicious website.

Obviously, bad news for Internet Explorer Browser users.

This bug affects versions 6 to 11 of Internet Explorer on numerous versions of Windows, with Windows Server editions ranging from 2003 to 2012, the exception. (On these particular operating systems, IE mitigates the problem by operating enhanced security.

FireEye, a security company, was the one who discovered this bug and ultimately notified Microsoft of the problem, prompting them to issue an advisory.

Making this problem even more serious is the fact that Windows XP support has been ended by Microsoft, an operating system that is still widely used, although long-obsolete. The U.S. Computer Emergency Readiness Team has advised users of Windows XP to consider switching to a different browser.

This is probably good advice for everyone. The suggestions that Microsoft has listed for remedying this problem is not something the average person is probably going to be able to follow, likely needing someone such as a full time IT manager in order to implement. (Or, maybe an IT manager with no other option but to allow the use of Internet Explorer for employees -- perhaps because their company's information system will only work with the Internet Explorer browser.)

Deploy the 4.1 Toolkit for Enhanced Mitigation Experience
Set system security settings on high and block Active Scripting and ActiveX Controls in these areas
Configure IE to prompt prior to running Active Scripting or set to disable the Active Scripting
On VGX.DLL modify the system's Access Control List making it more restrictive
For IE 11, enable the Enhanced Protected Mode and the 64-bit Processes
Or, of course, you could simply download Firefox or Chrome and finally be done with the Internet Explorer browser.

FaceBook