The United States Department of Homeland Security has issued advisory for computers users to avoid using Internet Explorer. This is due to a zero day exploit that was recently uncovered. The exploit is believed to affect ALL versions on Internet Explorer (6-11). Users on Windows XP will not receive a patch; the exception are enterprise/government customers that have special agreements with Microsoft which often cost millions of dollars. The advisory asks users to consider alternatives to Internet Explorer.
“We are currently unaware of a practical solution to this problem,” Carnegie Mellon’s Software Engineering Institute warned in a separate advisory, that US-CERT linked to in its warning.
Cybersecurity software maker FireEye Inc warned that a sophisticated group of hackers have been exploiting the bug in a campaign dubbed “Operation Clandestine Fox.”
“It’s a campaign of targeted attacks seemingly against U.S.-based firms, currently tied to defense and financial sectors,” said FireEye spokesman Vitor De Souza on Sunday. “It’s unclear what the motives of this attack group are, at this point. It appears to be broad-spectrum intel gathering.”
For those who must use Internet Explorer, a free security tool known as EMET (Enhanced Mitigation Experience Toolkit) may help thwart some attacks.