France, Germany Say Stop Using Internet Explorer 6 - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Enterprise Architecture
12:25 AM
Connect Directly

France, Germany Say Stop Using Internet Explorer 6

IT security organizations for both countries on Friday cited the attacks against Google and 33 other organizations as the reason.

December's "Operation Aurora" cyber attack from China, which Google disclosed last week, has prompted French and German information security organizations to recommend against the use of Internet Explorer 6, at least until a patch is released to address the vulnerability.

The attack, which resulted in the loss of intellectual property belonging to Google and perhaps to other companies, leveraged an Internet Explorer vulnerability.

Mike Reavy, Microsoft's director of security response, said on Thursday that the Internet Explorer flaw was "one of several attack mechanisms that were used."

The warning comes at a bad time for Microsoft, which has been hoping that Windows 7 adoption will reverse Internet Explorer's ongoing loss of market share. According to NetApplications, Internet Explorer's global market share declined 11 out of 12 months in 2009.

France's CERTA and Germany's BSI each cite Internet Explorer 6, 7, and 8 in their warnings and also advise that users disable JavaScript, a recommendation sometimes put forth by US-CERT after significant browser vulnerabilities are revealed. Disabling JavaScript can hinder the operation of many Web sites, or render them inaccessible.

Asked about the French and German recommendations, a Microsoft spokesperson provided the following statement: "In regards to the recent Internet Explorer vulnerability, we have not seen successful attacks on Internet Explorer 8. As such, Microsoft continues to recommend customers upgrade to Internet Explorer 8 to benefit from its improved security protections."

The company also said that it had not seen successful attacks on Internet Explorer 7. But it warned that there have been reports of proof-of-concept code that exploits the vulnerability in Internet Explorer 7 on Windows XP and Vista. Microsoft said it was investigating these claims.

McAfee on Friday said that it had seen exploit code published on mailing lists and at least one Web site.

Websense, a computer security company, on Monday confirmed the Internet Explorer 7 is vulnerable in its default configuration while Internet Explorer 8 is not. Due to the fact that the vulnerability can be used in a drive-by download attack -- an attack triggered by visiting a malicious Web site or opening a specially-crafted e-mail message -- the company predicts that it will be exploited on a large scale.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

11 Things IT Professionals Wish They Knew Earlier in Their Careers
Lisa Morgan, Freelance Writer,  4/6/2021
Time to Shift Your Job Search Out of Neutral
Jessica Davis, Senior Editor, Enterprise Apps,  3/31/2021
Does Identity Hinder Hybrid-Cloud and Multi-Cloud Adoption?
Joao-Pierre S. Ruth, Senior Writer,  4/1/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Successful Strategies for Digital Transformation
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll