Pittsburgh Tech Guy

The U.S. government's top cyber-security agency is telling Internet Explorer (IE) users they should consider running a different browser until Microsoft fixes a critical vulnerability.

The U.S. Computer Emergency Readiness Team (US-CERT) added its voice to the growing chorus of security organizations and companies that have warned people of the flaw, which affects IE6, IE7, IE8, IE9, IE10 and IE11.

US-CERT is part of the U.S. Department of Homeland Security, and regularly issues security warnings and threat alerts.

"US-CERT recommends that users and administrators enable Microsoft EMET where possible and consider employing an alternative Web browser until an official update is available," the agency said in a Sunday statement.

EMET refers to "Enhanced Mitigation Experience Toolkit," an anti-exploit utility that lets customers beef up security defenses on select applications.

Windows XP users are especially at risk to exploits of this IE vulnerability, because they will not receive patches for IE6, IE7 or IE8. Microsoft will be writing patches for all three versions, but will not offer them to Windows XP customers; it terminated support for the 12-year-old OS on April 8.

Security experts had warned Windows XP users that they would be targeted by hackers after support ended. They believed that cyber criminals would quickly find flaws by examining Microsoft's patches -- using a before-and-after code comparison -- in those products, like IE, that continue to receive updates on other editions of Windows.

"This happened a bit quicker than I expected, but it is a sign of things to come," said Wolfgang Kandek, chief technology officer of Qualys, in a Monday blog. "Since you will not get a patch for your operating system, deregistering the DLL will be your best option to defend your systems."