(Adds analyst comments, details on UK warning)
By Jim Finkle
BOSTON, April 28 The U.S. and UK governments on
Monday advised computer users to consider using alternatives to
Microsoft Corp's Internet Explorer browser until the
company fixes a security flaw that hackers used to launch
attacks.
The Internet Explorer bug, disclosed over the weekend, is
the first high-profile computer threat to emerge since Microsoft
stopped providing security updates for Windows XP earlier this
month. That means PCs running the 13-year-old operating system
will remain unprotected, even after Microsoft releases updates
to defend against it.
The Department of Homeland Security's U.S. Computer
Emergency Readiness Team said in an advisory released on Monday
that the vulnerability in versions 6 to 11 of Internet Explorer
could lead to "the complete compromise" of an affected system.
The recently established UK National Computer Emergency
Response Team issued similar advice to British computer users,
saying that in addition to considering alternative browsers,
they should make sure their antivirus software is current and
regularly updated.
Versions 6 to 11 of Internet Explorer dominate desktop
browsing, accounting for 55 percent of global market share,
according to research firm NetMarketShare.
Boldizsár Bencsáth, assistant professor with Hungary's
Laboratory of Cryptography and Systems Security, said the best
solution was to use another browser such as Google Inc's
Chrome or Mozilla's Firefox.
DELAYED UPGRADES
Security experts have long been warning Windows XP users to
upgrade to Windows 7 or 8 before Microsoft stopped supporting it
at the beginning of this month.
The threat that emerged over the weekend could be the wakeup
call that prompts the estimated 15 to 25 percent of PC users who
still use XP to dump those systems.
"Everybody should be moving off of it now. They should have
done it months ago," said Jeff Williams, director of security
strategy with Dell SecureWorks.
Roger Kay, president of Endpoint Technologies, expects
several hundred million people running Windows XP to dump those
machines for other devices by the end of the year.
They will be looking at Windows machines as well as Apple
Inc's Macs and iPads along with Google's Chrome laptops
and Android tablets, he said.
"Not everybody will necessarily go to Windows, but Microsoft
has a good chance at getting their business," he said. "It's got
to be a good stimulus for the year."
News of the vulnerability surfaced over the weekend.
Cybersecurity software maker FireEye Inc warned that a
sophisticated group of hackers have been exploiting the bug in a
campaign dubbed "Operation Clandestine Fox."
(Reporting by Jim Finkle. Additional reporting by Paul Sandle
in London.; Editing by Richard Valdmanis, Tom Brown and Cynthia
Osterman)