German watchdog warns of Internet Explorer breach

Microsoft

(AP) The German government agency overseeing IT safety is warning of a security breach in Microsoft's Internet Explorer and recommending people use other browsers until the problem is fixed.

The browser's "weak point is already being used for targeted attacks," the Federal Office for Information Security warned, adding that the code behind the attack is freely available online and might therefore spread rapidly.

A spokesman for Microsoft Corp. said Tuesday the company is aware of the issue and is working on soon rolling out a software update, a so-called patch, to fix the browser's security features.

"This is not a massive problem. There have been only a small number of targeted attacks," said spokesman Thomas Baumgaertner. He could not provide a figure of the number of attacks recorded so far.

The browser is used by hundreds of millions of consumers and workers around the world.

In its warning published late Monday, Germany's IT watchdog called on people using Windows XP or Windows 7 operating systems and Internet Explorer versions 7, 8 or 9 to switch to alternative browsers until Microsoft updates the browser's security features.

Attackers lure users to an infected website, for example through an emailed link. Visiting the website then allows hackers to introduce codes to take control of the user's computer, the BSI agency said.

Baumgaertner noted that people should always be vigilant when clicking on links from unknown sources. He also added that many antivirus programs might already be updated to protect their users against attacks through the browser loophole.

[I_Eidus]

News flash: world warns that Germany provides support and equipment to help Iran build a nuclear bomb, including centrifuges, computers, and tunneling equipment to place it all deep underground for extra protection.

Consequences of Iran building and using a nuclear bomb with German support: infinitely greater than getting infected using IE!!

[crushkittykitty]

here is the exploit in action
the bad thing about it is no user interaction just going to a web site

https://www.youtube.com/watch?v=2UlN9W6NGqY&feature=player_embedded
those not wanting to click links just do a youtube search for "0-Day exploit in action" or "crushkittykitty"