Microsoft Issues Emergency Security Patch For IE
Microsoft is issuing an emergency patch for a critical Internet Explorer flaw.
JR Raphael, PC World Wednesday, December 17, 2008; 12:19 AM
Microsoft will issue an emergency security patch Wednesday for all versions of Internet Explorer. The patch is considered a critical fix for the security flaw currently plaguing the IE browser. So far, more than 2 million computers are believed to have been infected.
An advance notification of the patch published Tuesday describes it as protection for a “remote code execution” vulnerability. The move follows Microsoft’s security advisory posted last Wednesday and updated Monday explaining the vulnerability and suggesting temporary “workarounds” for protection.
The flaw can be used to let attackers steal personal data such as passwords if a user visits a compromised Web site, of which at least 10,000 are thought to already exist. Thus far, the vulnerability has been used primarily for grabbing gaming passwords for black market sales. The hole could, however, potentially also be used to steal more sensitive information such as banking passwords and other private information.
Some security analysts had gone as far as to suggest all IE users switch to a competing browser until Microsoft found a suitable fix.
Microsoft’s emergency security patch will become available Wednesday at 1 p.m. EST at the Microsoft Update site as well as at the Microsoft Download Center. All users of IE5, 6, and 7 are advised to install it. A separate patch is expected to be made available for users of IE8 Beta 2. Expect to see far more detail by midday Wednesday when Microsoft officially issues its security bulletin.