Internet Explorer falls prey to bug; Homeland Security suggests not using it
SAN FRANCISCO — The Department of Homeland Security is advising Americans not to use the Internet Explorer browser until a fix is found for a serious security flaw that was brought to light during the weekend.
The bug was announced on Saturday by FireEye Research Labs, an Internet security software company based in Milpitas, Calif.
“We are unaware of a practical solution to this problem,” the Department of Homeland Security's United States Computer Emergency Readiness Team said in a post.
It recommended that users and administrators “consider employing an alternative Web browser until an official update is available.”
Because the hack uses a corrupted Adobe Flash file to attack the victim's computer, users can avoid it by turning off Adobe Flash.
“The attack will not work without Adobe Flash,” FireEye said. “Disabling the Flash plugin within IE will prevent the exploit from functioning.”
FireEye said that the hackers exploiting the bug are calling their campaign “Operational Clandestine Fox.”
Microsoft confirmed that it is working to fix the code that allows Internet Explorer versions six through 11 to be exploited by the vulnerability. As of Monday, no fix had been posted.
About 55 percent of PCs run one of those versions of Internet Explorer, according to the technology research firm NetMarketShare.
The bug works by using Adobe Flash to attack a computer's memory.