In the wake of cyber attacks on Google and 33 other corporations, media outlets including the ABC are reporting recommendations from Australian, French and German government information security agencies to stop using Microsoft’s Internet Explorer web browser.

The recent attacks took advantage of what’s called a zero day exploit — that is, a vulnerability that is already being actively exploited by hackers before software vendors have even become aware of it, let alone developed, tested and issued a security patch.

Zero day exploits are common, and the bugs are usually fixed in software vendors’ regular update cycles. Microsoft, for example, has its “Patch Tuesday” on the second Tuesday of every month US time, and issues updates for Windows, Microsoft Office and other products in a batch to make it easier for IT staff to manage their workload.

Until a patch is released, systems administrators are warned of newly discovered vulnerabilities and recommended actions to mitigate the risk through notifications known as “security advisories”.

“AusCERT and the other national cyber safety bodies provide advisories and alerts like this on almost a daily basis,” security consultant Crispin Harris told Crikey.

“This one is of course highly visible because of the companies involved. It is unusual for advisories to be picked up by the media but not uncommon.”

In the case of this specific vulnerability, announced in Microsoft Security Advisory 979352 last week, the bug is currently only known to be demonstrated in attacks on the obsolescent Internet Explorer version 6. Microsoft has issued a temporary fix, and is still investigating.

However, the Australian, French and German advisories all flag it as potentially affecting versions 7 and 8 of Internet Explorer as well.

“All software suffers from security vulnerabilities from time to time, but Microsoft’s Internet Explorer is more deeply integrated into the operating system. This allows greater functionality, but it comes at the cost of increased risk in the event of a problem,” Harris told Crikey.

“Internet Explorer is currently the leading browser in terms of percentage of users, and thus it’s the most common target,” Harris said.

The advisories suggest using an alternative web browser for Windows, such as Mozilla’s Firefox or Apple’s Safari. Both are free downloads.

Harris agrees with this advice, but suggests we stay “alert but not alarmed”.
