Take the pledge to vote

For a better tommorow#AajSawaroApnaKal
  • I agree to receive emails from News18

  • I promise to vote in this year's elections no matter what the odds are.
  • Please check above checkbox.

    SUBMIT

Thank you for
taking the pledge

Vote responsibly as each vote counts
and makes a diffrence

Disclaimer:

Issued in public interest by HDFC Life. HDFC Life Insurance Company Limited (Formerly HDFC Standard Life Insurance Company Limited) (“HDFC Life”). CIN: L65110MH2000PLC128245, IRDAI Reg. No. 101 . The name/letters "HDFC" in the name/logo of the company belongs to Housing Development Finance Corporation Limited ("HDFC Limited") and is used by HDFC Life under an agreement entered into with HDFC Limited. ARN EU/04/19/13618
LIVE TV DownloadNews18 App
News18 English
News18 » India
3-min read

Microsoft warns on Internet Explorer security flaw

The security flaw affects hundreds of millions of Internet Explorer browser users.

Reuters

Updated:September 18, 2012, 11:07 AM IST
facebookTwitterskypewhatsapp
Microsoft warns on Internet Explorer security flaw
The security flaw affects hundreds of millions of Internet Explorer browser users.
Loading...

Boston: Microsoft Corp warned a newly discovered bug in its Internet Explorer web browser makes PCs vulnerable to attack by hackers and urged customers to download a piece of security software to mitigate the risk of infection.

The security flaw affects hundreds of millions of Internet Explorer browser users. Microsoft said attackers can exploit the bug to infect the PC of somebody who visits a malicious website and then take control of the victim's computer.

The software maker advised customers on its website late on Monday to install the security software as an interim measure, buying it time to fix the bug and release a new, more secure version of Internet Explorer. The company did not say how long that will take, but several security researchers said they expect the update within a week.

The free security tool, which is known as the Enhanced Mitigation Experience Toolkit, or EMET, is available through an advisory on Microsoft's website: blogs.technet.com/b/msrc/

The EMET software must be downloaded, installed and then manually configured to protect computers from the newly discovered threat, according to the posting from Microsoft. The company also advised customers to adjust several Windows security settings to thwart potential attackers, but cautioned that doing so might impact the PC's usability.

Some security experts said it would be too cumbersome for many PC users to implement the measures suggested by Microsoft. Instead they advised Windows users to temporarily switch from Internet Explorer to rival browsers such as Google Inc's Chrome, Mozilla's Firefox or Opera Software ASA's Opera.

"For consumers it might be easier to simply click on Chrome," said Dave Marcus, director of advanced research and threat intelligence with Intel Corp's McAfee security division.

Marc Maiffret, chief technology officer of the security firm BeyondTrust, said it may not be feasible for some businesses to install Microsoft's EMET tool on their PCs.

He said the security software has in some cases proven to be incompatible with existing programs already running on networks.

Tod Beardsley, an engineering manager with the security firm Rapid7, said that at first blush it appeared that the EMET may not be particularly effective in thwarting potential attacks.

Microsoft officials declined to comment on the skepticism that those security experts expressed about the effectiveness of the EMET software.

Poison Ivy

Eric Romang, a researcher in Luxembourg, discovered the flaw in Internet Explorer on Friday, when his PC was infected by a piece of malicious software known as Poison Ivy that hackers use to steal data or take remote control of PCs.

When he analyzed the infection, he learned that Poison Ivy had gotten on to his system by exploiting a previously unknown bug, or "zero-day" vulnerability, in Internet Explorer.

"Any time you see a zero-day like this, it is concerning," said Liam O Murchu, a research manager with anti-virus software maker Symantec Corp. "There are no patches available. It is very difficult for people to protect themselves."

Zero-day vulnerabilities are rare, mostly because they are hard to identify - requiring highly skilled software engineers or hackers with lots of time to scrutinize code for holes that can be exploited to launch attacks. Security experts only disclosed discovery of eight major zero-day vulnerabilities in all of 2011, according to Symantec.

Symantec and other major anti-virus software makers have already updated their products to protect customers against the newly discovered bug in Internet Explorer. Yet, O Murchu said that may not be sufficient to ward off adversaries.

"The danger with these types of attacks is that they will mutate and the attackers will find a way to evade the defenses we have in place," he said.

Internet Explorer was the world's second-most widely used browser last month, with about 33 per cent market share, according to StatCounter. It was close behind Chrome, which had 34 per cent of the market.

Get the best of News18 delivered to your inbox - subscribe to News18 Daybreak. Follow News18.com on Twitter, Instagram, Facebook, TikTok and on YouTube, and stay in the know with what's happening in the world around you – in real time.

Subscribe to Moneycontrol Pro and gain access to curated markets data, trading recommendations, equity analysis, investment ideas, insights from market gurus and much more. Get Moneycontrol PRO for 1 year at price of 3 months. Use code FREEDOM.

Read full article
Loading...
Next Story
Next Story

Also Watch

facebookTwitterskypewhatsapp

Live TV

Loading...
Countdown To Elections Results
To Assembly Elections 2018 Results