Microsoft’s Internet Explorer may not be best for exploring the internet anymore since it has been on stress by being neck and neck with Mozilla's Firefox and Google's Chrome as the most widely used browser.
And to add more to its problem, on April 28th, 2014, The Department of Homeland Security is warning Americans to stop using the it because the browser has a bug that could allow hackers to install malicious software without the user knowing it.
Internet Explorer's homepage is saying on Monday, April 28, 2014, that Microsoft is rushing to fix a security flaw in their flagship browser. Microsoft blames the problem on the coding flaw.
According to Microsoft, an attacker could create a website designed to exploit the vulnerability and trick users into visiting it. The attacker could then exploit the bug through these websites that allow user-provided content.
"In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email," said Microsoft about the bug.
The vulnerability, has already been exploited in the wild. To become a victim, all the user has to do is view a "specially crafted HTML document," which means a web page or even a rich email or attachment.
If successful, a hacker could gain the same rights as the computer's current user.
"If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system," the company warned. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
But the company also added that Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode, which "mitigates this vulnerability".
The easiest solution for users is to use an alternative browser like Firefox or Chrome. But for those that can't avoid using Internet Explorer, can download Microsoft's Enhanced Mitigation Experience Toolkit to lessen the potential damage from malware, and also set the browser's security level to "high" under "Internet Options."
Users can also disable Adobe Flash to further minimize the risk, and run Internet Explorer in "Enhanced Protected Mode" and "64-bit process mode, which is available for IE10 and IE11 in the Internet Options. Additionally, users can install anti-malware software or use additional firewalls on their machines.
Microsoft offers more advice to increase the computer's security and gives the latest security advisory on the IE flaw.
The company said that the steps "may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs."
Computers that run on Windows XP are more prone to the flaw because Microsoft has stopped offering security patches and software updates for the operating system. The best bet for Windows XP users is to use another web browser, or switch to newer operating systems as soon as possible as many security firms advised.
In a statement, the Department's Computer Emergency Readiness Team (CERT) says that the flaw affects versions 6 through 11 of IE "and could lead to the complete compromise of an affected system." Both CERT and Microsoft said they were aware of attacks targeting the flaw.
"The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer," Microsoft said in an online statement. "An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website."