Microsoft Has Yet To Issue A Fix For Major Internet Explorer Security Flaw

UPDATE: Microsoft began rolling out an updated intended to patch this problem on Thursday morning.

First of all, if you’re reading this in Internet Explorer, copy the link, quit the browser and paste it into another one. Because it’s been three days since Microsoft first announced a major security flaw in versions 6 through 10 of the browser and there’s still no patch to fix the problem.

As of Tuesday afternoon, the company has stayed mum since Saturday’s announcement, when it said it would be issuing a patch for PC users running Internet Explorer — unless you’re still using Windows XP, in which case, there will be no saving you — after discovering “limited, targeted attacks” exploiting the flaw.

While Microsoft hasn’t said when the fix will come, it’s to be hoped that it will arrive soon [cue ticking clock]. Meanwhile, the U.S. Department of Homeland Security advised Americans to simply switch to a different browser to be safe until the problem is fixed.

“We are currently unaware of a practical solution to this problem,” the Department of Homeland Security’s United States Computer Emergency Readiness Team said in a post yesterday, recommending that users and administrators “consider employing an alternative Web browser until an official update is available.”

Users can also turn off Adobe Flash to avoid the hack, which uses a corrupted Flash file to get into a victim’s computer.

“The attack will not work without Adobe Flash,” security firm FireEye said. “Disabling the Flash plugin within IE will prevent the exploit from functioning.”

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.