Don't Use Internet Explorer, Homeland Security Warns
The U.S. Department of Homeland Security's Computer Emergency Readiness Team (CERT) has issued a formal warning to anybody using Internet Explorer: stop using it until Microsoft can patch a severe bug.
The zero-day exploit was discovered by security firm FireEye Research Labs on Saturday and allows hackers to install malware and steal personal information. In other words, it's potentially bad.
"The exploit leverages a previously unknown use-after-free vulnerability, and uses a well-known Flash exploitation technique to achieve arbitrary memory access and bypass Windows' ASLR and DEP protections," FireEye says.
FireEye reported that the exploit affects Internet Explorer versions 6-11, although the attacks the firm recorded during 2013 seemed to focus on Internet Explorer versions 9-11. According to NetMarket Share data, Internet Explorer 9 made up 13.9 percent of the Internet Explorer market in 2013. Internet Explorer 10's market share was 11.04 percent and Internet Explorer 11's was 1.32 percent.
Experts also say that the bug is especially dangerous for those running Windows XP, which Microsoft recently ended support for. Windows XP remains one of the most widely used operating systems in the world, and many businesses and governments still use XP.
The only bet is to simply use another browser. It is confirmed that the zero-day Internet Explorer exploit does not affect Safari, Chrome, or Firefox.
"We are currently unaware of a practical solution to this problem," CERT said in a post Monday morning.
"US-CERT recommends that users and administrators enable Microsoft EMET where possible and consider employing an alternative Web browser until an official update is available," CERT said in a Sunday statement.
The scope of the damage the Internet Explorer exploit might have caused is still uncertain.
The newly discovered exploit comes hot on the heels of another shocking cybersecurity discovery: Heartbleed. Uncovered by Finland-based security firm Codenomicon a couple of weeks ago, Heartbleed sent waves of fear through the Internet because it affected something two-thirds of the world's websites use -- OpenSSL. Many called it the worst exploit ever discovered, although most agree that hackers weren't aware of it until recently. Major websites vulnerable to Heartbleed included Google, Yahoo, and Facebook.
The U.S. government has started taking cybersecurity far more seriously over the past year, especially after details of a massive data breach at Target leaked out late last year. After seeing over 100 million Americans affected, firms, politicians, and consumers are all beginning to accept the importance of erecting sound cybersecurity infrastructure.
"I hate to say it, but I was sort of happy for Target. I feel bad for them, but it got the industry moving on the consumer side and the merchant side," Head of Wells Fargo Merchant Services Debra Rossi said at a Las Vegas payments conference in early April.