Microsoft has issued a security patch to fix a critical vulnerability in its Internet Explorer browser it said has attacked over 2m Windows users.
The flaw is believed to have already infected as many as 10,000 websites.
The "zero day" exploit let criminals to take over victims' computers by steering them to infected websites.
Microsoft's Christopher Budd said the software giant "encourages all IE customers to test and deploy this update as soon as possible".
He also said the threat lead Microsoft to mobilize security engineering teams worldwide to deliver a software cure "in the unprecedented time of eight days".
The company's security response team said the patch consists of more than 300 distinct updates for more than half-a-dozen versions of IE in around 50 languages.
"Even with that, the release Emergency Response process isn't over," said Security Response Alliance director Mike Reavey.
"There is additional support to customers and additional refinement of our product development efforts."
Microsoft stressed that the flaw was proven to exist only in IE 7 on all applicable versions of Windows, but that IE 6 and the "beta" release of IE 8 were "potentially vulnerable".
Users who have automatic updates turned on will receive the patch over the next 24 hours while others can access it via a download.
"Wildfire"
The AZN Trojan has been making the rounds since the beginning of December but became public knowledge in the last week . Unlike other exploits, users only have to visit a malicious site with Trojans or other malware in order to become contaminated.
Once an infected web page is opened, malicious downloaders are installed on the computer designed to record keystrokes and steal passwords, credit card details and other financial information.
The sites affected are mostly Chinese and have been serving up programmes to steal passwords for computer games which can then be sold for cash on the black market.
Internet Explorer is the world's most widely used web browser with nearly three quarters of the market share.
Microsoft estimated that one in every 500 Windows users had been exposed to sites that try to exploit the flaw and the number of victims was increasing at a rate of 50% daily.
Researchers at the software security firm Trend Micro said attacks were speaking "like wildfire".
"This vulnerability is being actively exploited by cyber-criminals and getting worse every day," said the company's advanced threat researcher Paul Ferguson.
Microsoft labelled the bug as "critical," the most serious threat ranking in its four-step scouring programme.
- Change IE security settings to high (Look under Tools/Internet Options)
- Switch to a Windows user account with limited rights to change a PC's settings
- With IE7 or 8 on Vista turn on Protected Mode
- Ensure your PC is updated
- Keep anti-virus and anti-spyware software up to date
Related Site:
Bugs On G1 Mobile Phone (Google's Android)
Tips To Increase Your Google PageRank
Becareful When Using PC at Public Place
Warning For All File Sharers
Enabling The Security Features In Outlook 2007
No comments:
Post a Comment