The Department of Homeland Security is warning Americans to stop using the Web browser Internet Explorer because it has a bug that could allow hackers to install malicious software without the user knowing it.
The vulnerability, the United States Computer Emergency Readiness Team says, has already been exploited in the wild. Essentially, all a user has to do to become a victim is view a “specially crafted HTML document,” which means a Web page or even a rich email or attachment.
“We are currently unaware of a practical solution to this problem,” CERT said.
USA Today reports that users can avoid the bug by using another browser for now, or by disabling Adobe Flash.
The paper adds:
“Microsoft confirmed Saturday that it is working to fix the code that allows Internet Explorer versions six through 11 to be exploited by the vulnerability. As of Monday morning, no fix had been posted.
“About 55% of PC computers run one of those versions of Internet Explorer, according to the technology research firm NetMarketShare.
“The bug works by using Adobe Flash to attack a computer’s memory.”
Krebs on Security, a blog that specializes in these types of stories, reports another way around the bug is to run Internet Explorer in “Enhanced Protected Mode” and “64-bit process mode, which is available for IE10 and IE11 in the Internet Options settings as shown in [this] graphic.”