BSI recommends alternative browsers: Serious vulnerability in Internet Explorer


Microsoft admitted that in a security advisory last night. The Internet Explorer 10 shipped with Windows 8 is not affected. The vulnerability is considered particularly dangerous because there is already an exploit code "in the wild" in the form of a module for the malware framework "Metasploit". The Federal Office for Information Security (BSI) therefore advises to keep fingers away from IE as long as possible until Microsoft has provided a patch.

Unfortunately, it is not yet clear when this will be the case. Given the urgency, Microsoft should seek to close the vulnerability (technically a use after-free vulnerability) before the next regular patch day on the second October Tuesday. In the Advisory, the manufacturer has unfortunately only a few poor workarounds ready, which may not be practical for many users, such as turning off ActiveX and Active Scripting or enabling a warning message before each script execution.

The most sensible thing seems to be the installation of the malware brake "EMET" (Enhanced Mitigation Experience Toolkit), which activates protective functions for certain processes. After installing the program you have to explicitly add Internet Explorer (iexplore.exe) as well.