France, Germany Say Stop Using Internet Explorer 6 - InformationWeek
IoT
IoT
Government // Enterprise Architecture
News
1/19/2010
12:25 AM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%
RELATED EVENTS
[Office 365] Managing the Employee Lifecycle
Jan 31, 2017
Microsoft's Office 365 has become the collaboration software of choice for many organizations. Whi ...Read More>>

France, Germany Say Stop Using Internet Explorer 6

IT security organizations for both countries on Friday cited the attacks against Google and 33 other organizations as the reason.

December's "Operation Aurora" cyber attack from China, which Google disclosed last week, has prompted French and German information security organizations to recommend against the use of Internet Explorer 6, at least until a patch is released to address the vulnerability.

The attack, which resulted in the loss of intellectual property belonging to Google and perhaps to other companies, leveraged an Internet Explorer vulnerability.

Mike Reavy, Microsoft's director of security response, said on Thursday that the Internet Explorer flaw was "one of several attack mechanisms that were used."

The warning comes at a bad time for Microsoft, which has been hoping that Windows 7 adoption will reverse Internet Explorer's ongoing loss of market share. According to NetApplications, Internet Explorer's global market share declined 11 out of 12 months in 2009.

France's CERTA and Germany's BSI each cite Internet Explorer 6, 7, and 8 in their warnings and also advise that users disable JavaScript, a recommendation sometimes put forth by US-CERT after significant browser vulnerabilities are revealed. Disabling JavaScript can hinder the operation of many Web sites, or render them inaccessible.

Asked about the French and German recommendations, a Microsoft spokesperson provided the following statement: "In regards to the recent Internet Explorer vulnerability, we have not seen successful attacks on Internet Explorer 8. As such, Microsoft continues to recommend customers upgrade to Internet Explorer 8 to benefit from its improved security protections."

The company also said that it had not seen successful attacks on Internet Explorer 7. But it warned that there have been reports of proof-of-concept code that exploits the vulnerability in Internet Explorer 7 on Windows XP and Vista. Microsoft said it was investigating these claims.

McAfee on Friday said that it had seen exploit code published on mailing lists and at least one Web site.

Websense, a computer security company, on Monday confirmed the Internet Explorer 7 is vulnerable in its default configuration while Internet Explorer 8 is not. Due to the fact that the vulnerability can be used in a drive-by download attack -- an attack triggered by visiting a malicious Web site or opening a specially-crafted e-mail message -- the company predicts that it will be exploited on a large scale.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll