Security threats Toolkit

Government says Finnish with IE 6

Dan Ilet ZDNet.co.uk

Published: 26 Nov 2004 13:35 GMT

A government agency in Finland is urging the country's citizens to avoid use of Internet Explorer until Microsoft has patched the Bofra vulnerability.

The Finnish Communications Regulatory Authority (FICORA) said users should adopt a different browser as it issued a high-risk warning over the Bofra vulnerability, for which an exploit was released within a few days of publication.

"We've advised the Finnish people to avoid use of Internet Explorer until a patch is released," said Arsi Heinonen, information security advisor for FICORA. "[The vulnerability] is widely exploited and there's some malicious software for it. It's a high risk we think. If people can use another browser until the patch is released, that's good."

The Bofra exploit – also known as the IFRAME exploit – was used this week to infect computers through banner ads. The exploit directed users to other Web sites and downloaded malicious code to their machines.

Microsoft has yet to announce when it will release a patch for the vulnerability, which was published at the beginning of November.

The vulnerability is said not to affect computers running Windows XP SP2, but can disrupt those with Windows 2000 and XP SP1.

At the beginning of this month, the National Infrastructure Security Co-ordination Centre (NISCC) advised users to take immediate action on the flaw. It said to take measures that included applying the patch for the flaw when it becomes available, to install SP2 and to keep antivirus software up to date.