The latest security flaw in Microsoft’s Internet Explorer is apparently so bad that the German government has started telling its citizens to switch to other browsers.
The bug, announced on 17 September but yet to be fixed, can let all manner of nasty malware through if left unchecked. It affects versions of IE 6 through 9 on Windows XP, Vista and 7 — and the threat is clearly enough to warrant the unusually vigorous proclamation from the Federal Office for Information Security (BSI), reports Reuters. This is the first time that they have explicitly encouraged people to stop using the browser in favour of its competitors.
Microsoft has reported that most users are not affected by the bug, and the number of attacks has been limited. In the company’s update about the bug, they suggest either deactivating ActiveX controls or using their Enhanced Mitigation Experience Toolkit until a patch is released.
The bug was reportedly discovered in Luxembourg on 14 September as a computer researcher was analysing a machine which had been used in a campaign of industrial espionage in 2011. Within a short time of the discovery, at least three web servers were found hosting websites that contained the malicious code — anyone accessing those sites on the compromised versions of IE will be susceptible to attack.
The malware on those sites has been linked to the “Nitro” attacks which targeted industrial and state secrets around the world last year. The statement from the BSI said that “a fast spreading of the code has to be feared.” In 2010, the BSI issued a warning that people should be careful when using IE 6, 7 and 8 after a similar exploit was discovered, but this latest statement goes well beyond that.
According to StatCounter, IE has fallen just behind Chrome to become only the second most popular browser in the world. Its overall usage has been steeply declining for some time, too. This latest news will not help those figures.