Microsoft Reveals Advanced Workaround for New IE Flaw

Yesterday we reported on a new critical flaw in Microsoft's Internet Explorer (IE) that allows hackers to circumvent the operating system and take control of MS Windows. In most instances, a Trojan is deployed on affected systems and spyware is installed. The flaw affects users of Windows XP through Windows 7.

Microsoft recently acknowledged the vulnerability's existence, and has provided a limited workaround for the issue.

Internet Explorer Flaw "Not Serious Enough" to Warrant Emergency Patch

The Internet Explorer flaw was discovered earlier this month by a French security company, but Microsoft says the flaw isn't serious enough to declare a software state of emergency.

"The issue does not currently meet the criteria for an out-of-band release," said Microsoft Security Response Center representative Carlene Chmaj. "However, we are monitoring the threat landscape very closely and if the situation changes, we will post updates." (Source: computerworld.com)

As Microsoft noted when reports of the flaw first emerged, there haven't yet been any attacks using the exploit. The flaw is related to Internet Explorer's HTML engine, and affects Internet Explorer 6, 7, and even IE8. (Source: bbc.co.uk)

Workaround Tool for Advanced Users

While Microsoft works on a patch (presumably for January's Patch Tuesday release), it says users can limit their chances of being affected by the issue by configuring the Enhanced Mitigation Experience Toolkit (EMET) to raise IE's defenses.

The Enhanced Mitigation Experience Toolkit can be downloaded for free from Microsoft's site. That said, this tool is specifically designed for advanced users, which makes the workaround less than applicable for everyday Internet Explorer users.

Rival browsers Mozilla Firefox, Google Chrome, Apple's Safari and Opera are reportedly not affected by the flaw.