Microsoft offers emergency patch for IE bug
Wednesday, 27 September 2006, 07:00 Hrs
Los Angeles: Microsoft released a patch to fix a critical flaw in its Internet Explorer (IE) web browser, ahead of its next scheduled round of security updates.
Breaking its monthly patch cycle, the software maker said hackers had been using the flaw to attack computers via the Internet.
Malicious software unknown to users can be loaded on to a vulnerable Windows computer when users click on a malicious link, Microsoft said Tuesday, adding that for more than a week malicious activity had been on the upswing.
The patch will fix vulnerability in the way that Internet Explorer renders VML (Vector Markup Language) graphics, according to a security bulletin released by the company.
The last time the software maker rushed out a fix was in January, when another image-related flaw in the IE browser was being used to compromise Windows PCs through malicious websites.
With attack code that works on the latest version of Windows XP, now publicly available, the flaw is emerging as a very serious concern for administrators, security experts said, while pushing Microsoft to rush out a fix for it.
There are currently more than 3,000 websites infecting users with malware that exploited the deficiency, said Ken Dunham, an expert with the Internet security firm Verisign.