Internet Explorer users warned of flaw

SINGAPORE - The authorities in Singapore, the United States and Britain have issued warnings over a serious security hole in Microsoft's Internet Explorer Web browser.

They are advising computer users to consider using other Web browsers until there is a fix.

The bug, which came to light at the weekend, allows cybercrooks to take over a person's computer when he simply visits a website, even a legitimate one, that crooks have tampered with.

Especially vulnerable here are the 450,000 computers still running the 13-year-old Windows XP operating system as of February.

The bug is the first known XP vulnerability that will not be patched since Microsoft ended support for it on April 8, said cyber security firms Symantec and Trend Micro.

All current editions of Internet Explorer, versions six to 11, are affected by the bug.

The Infocomm Development Authority of Singapore (IDA) told The Straits Times on Monday that the flaw "allows an attacker to install malicious software into susceptible systems remotely".

The United States Computer Emergency Readiness Team, under the Department of Homeland Security, said the flaw could lead to "the complete compromise" of affected systems, Reuters said.

Security firm FireEye, which discovered the bug, said this means hackers can secretly place malware into a computer through the bug. They could then delete files and steal sensitive data, such as passwords and bank credentials.

The good news is no known attacks have been reported here yet.

Microsoft said it was "only aware of limited, targeted attacks". FireEye said these happened overseas and were likely aimed at stealing secrets from organisations.

IDA is monitoring the situation and said public agencies "have been informed to adopt good cyber security practices".

Besides opting for other browsers, IDA said computer users could tweak Internet Explorer security settings to "high".

It also suggested that users install a security software programme called the Enhanced Mitigation Experience Toolkit 4.1.

FireEye's senior malware researcher Chong Rong Hwa said consumers should keep their software, including security programs, updated.

Even if users turn to other browsers, Symantec Singapore's senior manager for security response Eugene Teo said it is "not a permanent solution" as users might not patch Internet Explorer when a fix is out and accidentally use the vulnerable browser.

Some consumers are undeterred. Mr Bob Khoo, 37, said he would stick with Internet Explorer as he is used to the browser. But he intends to check out the interim security advice.

"I'm definitely worried because I do Internet banking and online shopping frequently. But I believe all browsers have their weaknesses," said the executive from the manufacturing sector.

This article was published on April 30 in The Straits Times.
