On the heels of last week's sophisticated malware attack that targeted a known IE flaw, US-CERT updated an earlier advisory to recommend the use of alternative browsers because of "significant vulnerabilities" in technologies embedded in IE.Microsoft has touted its renewed focus on security, but more work clearly needs to be done. As InternetNews notes, Microsoft has yet to patch an "extremely critical" flaw in Internet Explorer that can give malicious attacks access to local programs and less restrictive Internet zones. Beta versions of Service Pack 2 are apparently immune to the exploit, but there's no telling when Microsoft will release a final fix to the general public.
"There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, the DHTML object model, MIME-type determination, and ActiveX. It is possible to reduce exposure to these vulnerabilities by using a different Web browser, especially when browsing untrusted sites," US-CERT noted in a vulnerability note.