It is HIGHLY recommended users Disable Flash plugin or use an alternative browser.
SAN FRANCISCO – The U.S. Department of Homeland security is advising Americans not to use the Internet Explorer web browser until a fix is found for a serious security flaw that came to light over the weekend.
The bug was announced on Saturday by FireEye Research Labs, an internet security software company based in Milpitas, Calif.
“We are currently unaware of a practical solution to this problem,” the Department of Homeland Security’s United States Computer Emergency Readiness Team said in a post Monday morning.
It recommended that users and administrators “consider employing an alternative web browser until an official update is available.”
Because the hack uses a corrupted Adobe Flash file to attack the victim’s computer, users can avoid it by turning off Adobe Flash.
“The attack will not work without Adobe Flash,” FireEye said. “Disabling the Flash plugin within IE will prevent the exploit from functioning.”
FireEye said that the hackers exploiting the bug are calling their campaign “Operational Clandestine Fox.”
US-CERT is aware of active exploitation of a use-after-free vulnerability in Microsoft Internet Explorer. This vulnerability affects IE versions 6 through 11 and could lead to the complete compromise of an affected system.
US-CERT recommends that users and administrators enable Microsoft EMET where possible and consider employing an alternative web browser until an official update is available.