* Company says PCs vulnerable to attack by malicious sites
* Microsoft says free security tool can protect against
attacks
* Warning affects hundreds of millions of Internet Explorer
users
* Security experts say it may be easier to use another
browser
By Jim Finkle
BOSTON, Sept 17 Microsoft Corp warned a
newly discovered bug in its Internet Explorer web browser makes
PCs vulnerable to attack by hackers and urged customers to
download a piece of security software to mitigate the risk of
infection.
The security flaw affects hundreds of millions of Internet
Explorer browser users. Microsoft said attackers can exploit the
bug to infect the PC of somebody who visits a malicious website
and then take control of the victim's computer.
The software maker advised customers on its website late on
Monday to install the security software as an interim measure,
buying it time to fix the bug and release a new, more secure
version of Internet Explorer. The company did not say how long
that will take, but several security researchers said they
expect the update within a week.
The free security tool, which is known as the Enhanced
Mitigation Experience Toolkit, or EMET, is available through an
advisory on Microsoft's website:
The EMET software must be downloaded, installed and then
manually configured to protect computers from the newly
discovered threat, according to the posting from Microsoft. The
company also advised customers to adjust several Windows
security settings to thwart potential attackers, but cautioned
that doing so might impact the PC's usability.
Some security experts said it would be too cumbersome for
many PC users to implement the measures suggested by Microsoft.
Instead they advised Windows users to temporarily switch from
Internet Explorer to rival browsers such as Google Inc's
Chrome, Mozilla's Firefox or Opera Software ASA's Opera
.