France, Germany Say Stop Using Internet Explorer 6 - InformationWeek
Government // Enterprise Architecture
12:25 AM
Connect Directly

France, Germany Say Stop Using Internet Explorer 6

IT security organizations for both countries on Friday cited the attacks against Google and 33 other organizations as the reason.

December's "Operation Aurora" cyber attack from China, which Google disclosed last week, has prompted French and German information security organizations to recommend against the use of Internet Explorer 6, at least until a patch is released to address the vulnerability.

The attack, which resulted in the loss of intellectual property belonging to Google and perhaps to other companies, leveraged an Internet Explorer vulnerability.

Mike Reavy, Microsoft's director of security response, said on Thursday that the Internet Explorer flaw was "one of several attack mechanisms that were used."

The warning comes at a bad time for Microsoft, which has been hoping that Windows 7 adoption will reverse Internet Explorer's ongoing loss of market share. According to NetApplications, Internet Explorer's global market share declined 11 out of 12 months in 2009.

France's CERTA and Germany's BSI each cite Internet Explorer 6, 7, and 8 in their warnings and also advise that users disable JavaScript, a recommendation sometimes put forth by US-CERT after significant browser vulnerabilities are revealed. Disabling JavaScript can hinder the operation of many Web sites, or render them inaccessible.

Asked about the French and German recommendations, a Microsoft spokesperson provided the following statement: "In regards to the recent Internet Explorer vulnerability, we have not seen successful attacks on Internet Explorer 8. As such, Microsoft continues to recommend customers upgrade to Internet Explorer 8 to benefit from its improved security protections."

The company also said that it had not seen successful attacks on Internet Explorer 7. But it warned that there have been reports of proof-of-concept code that exploits the vulnerability in Internet Explorer 7 on Windows XP and Vista. Microsoft said it was investigating these claims.

McAfee on Friday said that it had seen exploit code published on mailing lists and at least one Web site.

Websense, a computer security company, on Monday confirmed the Internet Explorer 7 is vulnerable in its default configuration while Internet Explorer 8 is not. Due to the fact that the vulnerability can be used in a drive-by download attack -- an attack triggered by visiting a malicious Web site or opening a specially-crafted e-mail message -- the company predicts that it will be exploited on a large scale.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll