US warns on use of flawed Microsoft browser

WASHINGTON - A US government cybersecurity watchdog warned computer users Monday against using a version of the Microsoft Internet Explorer browser with a security hole that could allow hackers in.

The government's Computer Emergency Response Team (US-CERT) said in a statement that it was aware of "active exploitation" of the security flaw in versions six through 11 of the flagship Explorer browser.

The agency, a unit of the Department of Homeland Security, urged computer users to take protective actions and "consider employing an alternative Web browser until an official update is available."

The security flaw is of particular concern for computers running Windows XP, an older version of the operating system for which Microsoft has said it will no longer issue security updates.

Microsoft said Saturday that an attacker who successfully exploits the vulnerability could take control of the computer.

Cybersecurity firm FireEye, which took credit for identifying the flaw, said hackers were exploiting the bug in a campaign nicknamed "Operation Clandestine Fox."

Roger Kay, analyst with Endpoint Technologies Associates, said the flaw affects multiple versions of the browser "but is most dangerous for XP users, since that OS is no longer being maintained."

"While it's still possible that Microsoft will relent and fix XP one more time, users should not count on it," Kay said.

"And even if Microsoft does throw this group a lifeline one more time, inevitably the day will come when the software giant will no longer bail them out."

AFP