Microsoft: Install security tool

4 hrs.

Microsoft

Microsoft urged
Windows users on Monday to install a free piece of security
software to protect PCs from a newly discovered bug in the
Internet Explorer browser.

The security flaw, which researchers say could allow hackers
to take remote control of an infected PC, affects Internet
Explorer browsers used by hundreds of millions of consumers and
workers. Microsoft said it will advise customers on its website
to install the security software as an interim measure, buying
it time to fix the bug and release a new, more secure version of
Internet Explorer.

The free security tool, which is known as the Enhanced
Mitigation Experience Toolkit, or EMET, is available from Microsoft.

Eric Romang, a researcher in Luxembourg, discovered the flaw
in Internet Explorer on Friday, when his PC was infected by a
piece of malicious software known as Poison Ivy that hackers use
to steal data or take remote control of PCs.

When he analyzed the infection, he learned that Poison Ivy
had gotten on to his system by exploiting a previously unknown
bug, or “zero-day” vulnerability, in Internet Explorer.

“Any time you see a zero-day like this, it is concerning,”
said Liam O Murchu, a research manager with anti-virus software
maker Symantec. “There are no patches available.
It is very difficult for people to protect themselves.”

Zero-day vulnerabilities are rare, mostly because they are
hard to identify — requiring highly skilled software engineers
or hackers with lots of time to scrutinize code for holes that
can be exploited to launch attacks. Security experts only
disclosed discovery of eight major zero-day vulnerabilities in
all of 2011, according Symantec.

Symantec and other major anti-virus software makers have
already updated their products to protect customers against the
newly discovered bug in Internet Explorer. Yet O Murchu said
that may not be sufficient to ward off adversaries.

“The danger with these types of attacks is that they will
mutate and the attackers will find a way to evade the defenses
we have in place,” he said.

Some security experts said computer users should avoid
Internet Explorer, even if they install the EMET security tool
available from Microsoft.

“It doesn’t appear to be completely effective,” said Tod
Beardsley, an engineering manager with the security firm Rapid7.

Rapid7 released software on Monday that security experts can
use to simulate attacks that exploit the security flaw in
Internet Explorer to see whether corporate networks are
vulnerable to that particular bug.

Marc Maiffret, chief technology officer of the security firm
BeyondTrust, said it may not be feasible for some businesses and
consumers to install Microsoft’s EMET tool on their PCs.

He said the security software has in some cases proven to be
incompatible with existing programs already running on networks.

Dave Marcus, director of advanced research and threat
intelligence with Intel Corp’s McAfee security
division, said it might be a daunting task for home users to
locate, download and install the EMET tool.

(c) Copyright Thomson
Reuters 2012. Check for restrictions at: 
http://about.reuters.com/fulllegal.asp 

4 hrs.

Microsoft lets home users subscribe to Office: $100 per year

3 days

Microsoft finds malware preloaded on new computers

1 day

Ballmer: There’s no doubt Windows 8 will be a success

Close post

Views: 0

You can skip to the end and leave a response. Pinging is currently not allowed.

Leave a Reply

Powered by WordPress | Designed by: Premium WordPress Themes | Thanks to Themes Gallery, Bromoney and Wordpress Themes