Skip to main content

See also:

Homeland Security issues 'national security alert' for Internet Explorer users

Windows Internet Explorer
Windows Internet ExplorerMicrosoft

The Department of Homeland Security (DHS) has issued a national security alert for all businesses and individual users of the web browser, Windows Internet Explorer, versions 6 through 11: do not use it.

"We are currently unaware of a practical solution to this problem," the Department of Homeland Security's United States Computer Emergency Readiness Team (CERT) said in a post Monday morning.

This hack affects businesses using Internet Explorer as well as personal PC users. Restaurants, banks, ATM’s, stores and everyone else using any of the Internet Explorer versions listed above, are vulnerable.

Microsoft is aware of this vulnerability and are working on a fix, but at this time they do not have one. The web browser contains a use-after-free vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Here’s how it works:

Hackers set up a website that installs malware when you visit it. If you're duped into visiting the website while using the Internet Explorer program, malware seeps into your computer and gives a stranger total control. You might not even notice.

"I'd say someone taking control of your computer is just the beginning of the worst case scenario," said Adrian Sanabria, a security expert with 451research.com. "Because then they steal your info, get access to your email, etc."

The hack uses a corrupted Adobe Flash file to attack the victim's computer, users can avoid it by turning off Adobe Flash, but your web browsing experience will be diminished.

"The attack will not work without Adobe Flash," FireEye said. "Disabling the Flash plugin within IE will prevent the exploit from functioning."

What you can do now:

The best solution right now according to the Department of Homeland security is for users and administrators to "consider employing an alternative Web browser until an official update is available."

The web browsers Google Chrome, Mozilla FireFox and Apple Safari are not currently vulnerable to this hack.

Microsoft has issued a “work around” solution until they can come up with a fix. The Enhanced Mitigation Experience Toolkit (EMET) work around helps mitigate the exploitation of this vulnerability by adding additional protection layers that make the vulnerability harder to exploit. EMET 4.1 is officially supported by Microsoft. At this time, EMET is only available in the English language.