France, Germany Say Stop Using Internet Explorer 6 - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Government // Enterprise Architecture
News
1/19/2010
12:25 AM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

France, Germany Say Stop Using Internet Explorer 6

IT security organizations for both countries on Friday cited the attacks against Google and 33 other organizations as the reason.

December's "Operation Aurora" cyber attack from China, which Google disclosed last week, has prompted French and German information security organizations to recommend against the use of Internet Explorer 6, at least until a patch is released to address the vulnerability.

The attack, which resulted in the loss of intellectual property belonging to Google and perhaps to other companies, leveraged an Internet Explorer vulnerability.

Mike Reavy, Microsoft's director of security response, said on Thursday that the Internet Explorer flaw was "one of several attack mechanisms that were used."

The warning comes at a bad time for Microsoft, which has been hoping that Windows 7 adoption will reverse Internet Explorer's ongoing loss of market share. According to NetApplications, Internet Explorer's global market share declined 11 out of 12 months in 2009.

France's CERTA and Germany's BSI each cite Internet Explorer 6, 7, and 8 in their warnings and also advise that users disable JavaScript, a recommendation sometimes put forth by US-CERT after significant browser vulnerabilities are revealed. Disabling JavaScript can hinder the operation of many Web sites, or render them inaccessible.

Asked about the French and German recommendations, a Microsoft spokesperson provided the following statement: "In regards to the recent Internet Explorer vulnerability, we have not seen successful attacks on Internet Explorer 8. As such, Microsoft continues to recommend customers upgrade to Internet Explorer 8 to benefit from its improved security protections."

The company also said that it had not seen successful attacks on Internet Explorer 7. But it warned that there have been reports of proof-of-concept code that exploits the vulnerability in Internet Explorer 7 on Windows XP and Vista. Microsoft said it was investigating these claims.

McAfee on Friday said that it had seen exploit code published on mailing lists and at least one Web site.

Websense, a computer security company, on Monday confirmed the Internet Explorer 7 is vulnerable in its default configuration while Internet Explorer 8 is not. Due to the fact that the vulnerability can be used in a drive-by download attack -- an attack triggered by visiting a malicious Web site or opening a specially-crafted e-mail message -- the company predicts that it will be exploited on a large scale.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
Commentary
If DevOps Is So Awesome, Why Is Your Initiative Failing?
Guest Commentary, Guest Commentary,  12/2/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll