CATEGORIES
home News

Microsoft Issues Emergency Security Patch for IE

by Jennifer JohnsonWednesday, December 17, 2008, 12:46 PM EDT

As we mentioned last week, Microsoft confirmed an unpatched bug in Internet Explorer that hackers are exploiting. Now, the company is issuing an emergency security patch for all versions of Internet Explorer. In an advance notification of the patch, Microsoft describes it as protection against a "remote code execution" vulnerability. Microsoft posted a security advisory last Wednesday and offered a few mitigations and workarounds for protection.

This flaw makes it possible for attackers to steal personal data such as passwords if a user visits a compromised website. On Saturday, Microsoft warned that 1 in 500 Internet Explorer users worldwide may have been exposed to malware hosted at both legitimate websites and porn sites. It appears the vulnerability has primarily been used to steal gaming passwords for black market sales, but there’s no guarantee that the hole hasn’t, or won’t, be used for other purposes as well. As a result, some security analysts have gone so far as to suggest that people switch browsers to protect themselves from the flaw. Furthermore, in a blog post, Graham Cluley, senior technology consultant at Sophos, said his company is seeing about 20,000 newly infected web pages each day. The majority of those are legitimate sites that have been compromised a SQL injection attack.

According to a blog post from Microsoft Security Response Center researchers Ziv Mador and Tareq Saade, the number of users who have been affected is rising quickly:  "Based on our stats, since the vulnerability has gone public, roughly 0.2% of users worldwide may have been exposed to websites containing exploits of this latest vulnerability. That percentage may seem low, however it still means that a significant number of users have been affected. The trend for now is going upwards: We saw an increase of over 50% in the number of reports today compared to yesterday."

Microsoft says it is aware only of attacks affecting Internet Explorer 7 under certain systems. However, all users of IE5, 6, and 7 are encouraged to install the fix. A separate patch for users of IE8 Beta 2 is expected to be made available as well. The patch should be available today at 1 p.m. EST at the Microsoft Update site as well as at the Microsoft Download Center.

 

Tags:  Microsoft, Internet Explorer, Patch
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment