Microsoft are taking this hugely seriously and word-is that there is an internal investigation being setup to deconstruct how such a major flaw in the browser can exist – would think this outage maybe large enough for Microsoft to re-evaluate their approach. The patch will arrive ‘out-of-band’ which means straight away and not through a monthly patching schedule (Patch Tuesday).
Microsoft to patch hole in Internet Explorer
Microsoft has taken the unusual step of issuing a mid-month patch
Microsoft will patch a hole in its Internet Explorer browser that may have allowed Chinese hackers access to human rights activists’ e-mail accounts.
The firm normally issues patches at a set time each month but said that the attention the problem had received forced it to move more quickly.
It follows the French and German governments decision to advise citizens to use other browsers.
Security experts said they had seen malicious code exploiting the weakness.
If a web user were to visit a compromised site using a vulnerable browser, they could become infected with a “trojan horse”, allowing a hacker to take control of the computer and potentially steal sensitive information.
Microsoft said on 18 January that there were “very few” infected sites on the web.
But Security firm Sophos said now it had seen “copycat” sites trying to exploit the vulnerability.
“Though numbers are still very low, over the past 24 hours or so we have seen a few sites serving up malicious code attempting exploit the vulnerability,” it said in a blog post.
The bad publicity has allowed rivals such as Firefox to gain market share.
According to web analytics company StatCounter Firefox is now a close second to Internet Explorer (IE) in Europe, with 40% of the market compared to Microsoft’s 45% share.
In some markets, including Germany and Austria, Firefox has overtaken IE, the firm said.
Microsoft said it had now decided to act on the security hole.
“Given the significant level of attention this issue has generated, confusion about what customers can do to protect themselves and the escalating threat environment Microsoft will release a security update out-of-band for this vulnerability,” said Microsoft’s general manager of Microsoft’s trustworthy computing security group George Stathakopoulos.
“We take the decision to go out-of-band very seriously given the impact to customers, but we believe releasing an update is the right decision at this time,” he said.
He said that the only successful attacks “to date” were against IE 6.
“We continue to recommend customers update to Internet Explorer 8 to benefit from the improved security protection it offers,” he said in a security advisory.
Following the high profile attacks on Google, Microsoft admitted that IE was a “weak link”.
The recent spate of attacks were alleged to have hit more than 30 companies including Google and Adobe.
Google threatened to withdraw from the Chinese market following the attacks.”