The German government has warned web users to find an alternative browser to Internet Explorer to protect security and this is a warning from the Federal Office for Information Security comes after Microsoft admitted IE was the weak link in recent attacks on Google’s systems.

Microsoft rejected the warning, saying that the risk to users was low and that the browsers’ increased security setting would prevent any serious risk. However, German authorities say that even this would not make IE fully safe. Thomas Baumgaertner, a spokesman for Microsoft in Germany, said that while they were aware of the warning, they did not agree with it, saying that the attacks on Google were by “highly motivated people with a very specific agenda”.

However, when such news was announced, the Germany Microsoft spokesman still denier the attacks against general users or consumers as there is no threat to the general user, consequently Microsoft do not support this warning. Microsoft says the security hole can be shut by setting the browser’s security zone to “high”, although this limits functionality and blocks many websites.

This can be found at Tools > Internet Options > Security on your Internet Explorer

However, Graham Cluley of anti-virus firm Sophos, told BBC News that not only did the warning apply to 6, 7 and 8 of the browser, but the instructions on how to exploit the flaw had been posted on the internet. “This is a vulnerability that was announced in the last couple of days. Microsoft have no patch yet and the implication is that this is the same one that exploited on the attacks on Google earlier this week,” he said.

Computer expert Alan Stevens: “It’s like having a window left open in your house”. “The way to exploit this flaw has now appeared on the internet, so it is quite possible that everyone is now going to have a go.”

Microsoft traditionally release a security update once a month – the next scheduled patch is the 9th of February. However, a spokesman for Microsoft told BBC News that developers for the firm were trying to fix the problem. “We are working on an update on this issue and this may well involve an out of cycle security update,” he said.

However, this is no easy task. Not only have the firm got to fix the loophole, but they have to ensure it does not create another one and – equally importantly – works on all computers. This is a challenge compounded by the fact they have to fix three different versions of its browser. Microsoft said that while all versions of Internet Explorer were affected, the risk was lower with more recent releases of its browser.

The other problem facing developers is that the possible risk might not be prevented by anti-virus software, even when recently updated. The bad publicity has allowed rivals such as Firefox to gain market share. According to web analytics company StatCounter Firefox is now a close second to Internet Explorer (IE) in Europe, with 40% of the market compared to Microsoft’s 45% share.

In some markets, including Germany and Austria, Firefox has overtaken IE, the firm said. Microsoft said it had now decided to act on the security hole.

“Given the significant level of attention this issue has generated, confusion about what customers can do to protect themselves and the escalating threat environment Microsoft will release a security update out-of-band for this vulnerability,” said Microsoft’s general manager of Microsoft’s trustworthy computing security group George Stathakopoulos.

Following the high profile attacks on Google, Microsoft admitted that IE was a “weak link”. The recent spate of attacks were alleged to have hit more than 30 companies including Google and Adobe. Google threatened to withdraw from the Chinese market following the attacks.

Solution
1. Use Firefox for the time being until 9th February (In case the patch was not downloaded automatically)

Microsoft’s IE patch, coded KB960714 and part of Security Bulletin MS08-078, is considered a critical update for all Internet Explorer users. It fixes the much-publicized Internet Explorer flaw found last week that can let remote attackers gain access to your passwords and personal information. The fix is recommended for users of IE5, IE6, IE7, and IE8 beta 2.

• Read the official Microsoft Security Bulletin

2. Discontinue using Internet Explorer