Sophos raises threat level as Microsoft readies IE fix
By Digital News Asia September 20, 2012
- Zero day threat impacts most versions of Windows
- German Government advises users to stop using Internet Explorer
EXPERTS at SophosLabs have raised their threat level to "High" in response to an as-yet unpatched security vulnerability in Internet Explorer.
The rise in the SophosLabs threat barometer comes in response to in-the-wild detections that the team has seen in attacks exploiting the CVE-2012-4969 vulnerability in Microsoft's popular web browser, SophosLabs said in a statement.
SophosLabs defines various threat levels from "Low" to "Critical", based upon the prevalence of malware, spam and web threats, and intelligence regarding new vulnerabilities.
Judged on its own, SophosLabs rates the Internet Explorer vulnerability as critical - but the seriousness of the threat has its experts rating the threat level on the Net as a whole as "high".
At the time of writing, Microsoft has only published details of temporary workarounds to reduce the chances of computers being exploited by the vulnerability, but it's clear that the ideal solution would be an official patch for Internet Explorer.
The good news is that Microsoft is working on a fix.
Yunsun Wee (pic), a communication director at the Microsoft Security Response Center, has said that the company plans to release a "Fix It" within the "next few days".
"The Fix it is an easy-to-use, one-click, full-strength solution any Internet Explorer user can install. It will not affect your ability to browse the Web, and it will provide full protection against this issue until an update is available. It won't require a reboot of your computer," she said.
If you can't wait for a fix, or if you don't like Microsoft's suggested mitigation workarounds, then the only sensible option is to use another browser, SophosLabs said, noting however that this is not an easy option for companies in particular to take.