V3.co.uk

Microsoft to release critical IE patch today

Flaw that allowed hackers to attack Google's systems set to be fixed

  • Phil Muncaster
  • Phil Muncaster
0 Comments
Internet Explorer
An IE flaw is thought to be the cause of the hacking attempts on Google and other companies

Microsoft has revealed that an out-of-cycle security update it has been working on to fix a critical flaw in Internet Explorer will be made available this evening UK time.

Microsoft security programme manager Jerry Bryant said in a blog posting yesterday that the firm is planning to release the update "as close as possible to 10am PST" (6pm GMT).

"This is a standard cumulative update, accelerated from our regularly scheduled February release, for Internet Explorer with an aggregate severity rating of critical," he wrote.

"It addresses the vulnerability related to recent attacks against Google and a small subset of corporations, as well as several other vulnerabilities. Once applied, customers are protected against the known attacks that have been widely publicised."

Joshua Talbot, security intelligence manager at Symantec Security Response, argued that although the flaw has only been exploited in high profile attacks thus far, firms should patch their systems as soon as they can.

“Despite the fact that we’ve seen just limited attacks using this vulnerability, with exploit code public, there is no reason to think we won’t see more attack attempts,” he added. “And you can be sure bad guys are working overtime to create reliable exploits for the other affected versions of Internet Explorer, namely 7 and 8.”

Microsoft has been under pressure to release an unscheduled patch after governments in France, Germany and Australia urged their citizens to switch to an alternative browser until the vulnerability had been fixed.

Yesterday it emerged that Opera and Firefox had both seen spikes in downloads of their products as a result of the ongoing uncertainty around the security of Microsoft's browser.

However, Microsoft had been at pains to say that users of its Internet Explorer 8 browser would be at minimal risk from the threat, given its advanced built-in security protection.

V3 Latest