Microsoft Corp. is warning users of its Internet Explorer that a newly discovered bug in the Web browser can make their computers vulnerable to hackers. The software maker is urging its customers to download a piece of security software to mitigate the risk of infection, Reuters reported.
The security flaw affects hundreds of millions of Internet Explorer users. Microsoft said attackers can exploit the bug to infect the PC of somebody who visits a malicious website and then take control of the victim's computer.
The software maker advised customers on its website late on Monday to install the security software as an interim measure, buying Microsoft time to fix the bug and release a new, more secure version of Internet Explorer. The company did not say how long that will take, but several security researchers said they expect the update within a week.
The free security tool, which is known as the Enhanced Mitigation Experience Toolkit, or EMET, is available through an advisory on Microsoft's website: blogs.technet.com/b/msrc/
The EMET software must be downloaded, installed and then manually configured to protect computers from the newly discovered threat, according to the posting from Microsoft. The company also advised customers to adjust several Windows security settings to thwart potential attackers, but cautioned that doing so might affect their computers' usability.
Some security experts said it would be too cumbersome for many PC users to implement the measures suggested by Microsoft. Instead they advised Windows users to temporarily switch from Internet Explorer to rival browsers such as Google Inc.'s Chrome, Mozilla's Firefox or Opera Software ASA's Opera.
"For consumers, it might be easier to simply click on Chrome," said Dave Marcus, director of advanced research and threat intelligence with Intel Corp.'s McAfee security division.
Marc Maiffret, chief technology officer of the security firm BeyondTrust, said it may not be feasible for some businesses to install Microsoft's EMET tool on their PCs.
He said the security software has in some cases proved to be incompatible with existing programs already running on networks.