Microsoft scrambles to block IE loophole
Posted 31 minutes ago
Microsoft is releasing an emergency patch to fix a perilous software flaw which allows hackers to hijack Internet Explorer (IE) browsers and take over computers.
The US software giant said that in response to "the threat to customers" it immediately mobilised security engineering teams worldwide to deliver a software cure "in the unprecedented time of eight days".
Researchers at software security firm Trend Micro say attacks based on the vulnerability in the world's most popular web browser are "spreading like wildfire", with millions of computers already compromised.
Microsoft typically releases patches for its software on the second Tuesday of each month and rushing this fix to computer users out-of-cycle is testimony to the severe danger of the threat, according to Trend Micro.
"When the patch is released people should run, not walk, to get it installed," Trend Micro advanced threat researcher Paul Ferguson said.
"This vulnerability is being actively exploited by cyber-criminals and getting worse every day."
Trend Micro has identified about 10,000 websites that have been infected with malicious software that can be surreptitiously slipped into visitors' unprotected IE browsers to take advantage of the flaw.
Hackers can take control of infected computers, steal data, redirect browsers to dubious websites, and use machines for devious activities such as attacks on other networks, according to security specialists.
"What makes this so insidious is it takes advantage of a big gaping hole of IE, which has the largest install base of any browser on the market," Mr Ferguson said.
IE is used on nearly three-quarters of the world's computers, according to industry statistics from November.