As reported in USA Today
The U.S. Department of Homeland security is advising Americans not to use the Internet Explorer Web browser until a fix is found for a serious security flaw that came to light over the weekend. The bug was announced on Saturday by FireEye Research Labs, an Internet security software company based in Milpitas, Calif.
The security flaw allows malicious hackers to get around security protections in the Windows operating system. They then can be infected when visiting a compromised website. Because the hack uses a corrupted Adobe Flash file to attack the victim’s computer, users can avoid it by turning off Adobe Flash.
While the bug affects all versions of Internet Explorer 6 through 11 it is currently targeting IE9 and IE10, FireEye stated.
The attacks do not appear to be widespread at this time. Microsoft said it was “aware of limited, targeted attacks that attempt to exploit” the vulnerability.
Microsoft confirmed Saturday that it is working to fix the code that allows Internet Explorer versions 6 through 11 to be exploited by the vulnerability. As of Monday morning, no fix had been posted. Microsoft typically releases security patches on the second Tuesday of each month, what’s known as Patch Tuesday. The next one is Tuesday, May 14. Whether the company will release a patch for this vulnerability before that isn’t known.
About 55% of PC computers run one of those versions of Internet Explorer, according to the technology research firm NetMarketShare. About 25% run either IE9 or IE10. Computer users who are running the Windows XP operating system are out of luck. Microsoft discontinued support of the system on April 8.