Microsoft urges customers to install security tool

Microsoft urges customers to install security tool
Microsoft Corp urged Windows users on Monday to install a free piece of security software to protect PCs from a newly discovered bug in the Internet Explorer browser.

The security flaw, which researchers say could allow hackers to take remote control of an infected PC, affects Internet Explorer browsers used by hundreds of millions of consumers and workers. Microsoft said it will advise customers on its website to install the security software as an interim measure, buying it time to fix the bug and release a new, more secure version of Internet Explorer.

The free security tool, which is known as the Enhanced Mitigation Experience Toolkit, or EMET, is available on Microsoft's website.

Eric Romang, a researcher in Luxembourg, discovered the flaw in Internet Explorer on Friday, when his PC was infected by a piece of malicious software known as Poison Ivy that hackers use to steal data or take remote control of PCs.

When he analyzed the infection, he learned that Poison Ivy had gotten on to his system by exploiting a previously unknown bug, or "zero-day" vulnerability, in Internet Explorer.

"Any time you see a zero-day like this, it is concerning," said Liam O Murchu, a research manager with anti-virus software maker Symantec Corp. "There are no patches available. It is very difficult for people to protect themselves."

Zero-day vulnerabilities are rare, mostly because they are hard to identify - requiring highly skilled software engineers or hackers with lots of time to scrutinize code for holes that can be exploited to launch attacks. Security experts only disclosed discovery of eight major zero day vulnerabilities in all of 2011, according Symantec.

Symantec and other major anti-virus software makers have already updated their products to protect customers against the newly discovered bug in Internet Explorer. Yet O Murchu said that may not be sufficient to ward off adversaries.

"The danger with these types of attacks is that they will mutate and the attackers will find a way to evade the defenses we have in place," he said.

Some security experts said computer users should avoid Internet Explorer, even if they install the EMET security tool available from Microsoft.

"It doesn't appear to be completely effective," said Tod Beardsley, an engineering manager with the security firm Rapid7.

Rapid7 released software on Monday that security experts can use to simulate attacks that exploit the security flaw in Internet Explorer to see whether corporate networks are vulnerable to that particular bug.

Marc Maiffret, chief technology officer of the security firm BeyondTrust, said it may not be feasible for some businesses and consumers to install Microsoft's EMET tool on their PCs.

He said the security software has in some cases proven to be incompatible with existing programs already running on networks.

Dave Marcus, director of advanced research and threat intelligence with Intel Corp's McAfee security division, said it might be a daunting task for home users to locate, download and install the EMET tool.

"For consumers it might be easier to simply click on Chrome," Marcus said.

Internet Explorer was the world's second-most widely used browser last month, with about 33 percent market share, according to StatCounter. It was close behind Google Inc's Chrome browser, which had 34 percent of the market.

Copyright Thomson Reuters 2012

Affiliate links may be automatically generated - see our ethics statement for details.
Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Over two million iPhone 5 pre-orders in 24 hours; annihilates iPhone 4S record
Tweeters mock Newsweek's #MuslimRage cover

Related Stories

Share on Facebook Tweet Snapchat Share Reddit Comment
 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2021. All rights reserved.
Listen to the latest songs, only on JioSaavn.com