Stan Beer
Wednesday, 27 September 2006 06:13
Business IT -
Security
With the news that thousands of web sites are already exploiting an Internet Explorer flaw, Microsoft has been stung into action and rushed out a patch instead of waiting until the next Patch Tuesday on October 10.
The flaw, which is in the most severe category
of critical, would enable attackers to gain complete control of a
user's computer if the target simply visited a malicious web site.
In addition, the serious nature of the flaw escalated last week with
the news that it was possible to exploit the flaw through HTML emails.
Users could be hacked and lose control of their system simply by
opening an email without an attachment.
When news broke of the possible email exploit, Microsoft issued advice
to users to play it safe by opening emails in text only mode. However,
a third party organization of security experts calling itself ZERT
(Zero Day Emergency Response Team) took it upon itself to issue a
temporary patch until Microsoft issued its official fix.
Meanwhile, Microsoft has been criticised by some, such as security
research group SANS Institute and ZERT, for not getting a patch out
sooner.
Now that a patch is available, users are advised to install it as soon as possible.
The patch is available from Microsoft's security update
site.