December 17, 2008

Security Flaw Exposed In Internet Explorer 7

An Internet Explorer security hole has exposed millions of users to hackers, leading Microsoft Corp. to take unusual steps for an emergency fix.

This flaw known as the "zero-day" vulnerability, allows criminals to take over their victims' machines simply by steering them to infected Web sites.  The users do not have to download anything for their computers to get infected, which makes the security hole in Internet Explorer's programming code dangerous.  Internet Explorer is the world's most popular Web browser.

On Wednesday, Microsoft said it plans to ship a security update, rated "critical," for the browser.  The patch will be brought to the users automatically when they run the Windows Update feature on their computers.

There has been thousands of Web sites already compromised by criminals looking to exploit the flaw.  There has been malicious code loaded onto those sites that automatically infect visitors' machines if they're using Internet Explorer and have not employed a complicated series of workarounds that Microsoft suggested.

The attacks are seen by Microsoft as targeting the only flaw in Internet Explorer 7, but they have cautioned that all other current editions of the browser are vulnerable. 

Security fixes are rarely issued by Microsoft for its software outside of its monthly updates.  The last security fix was in October, and before that it was a year and a half.


On the Net: