infoTECH Feature

December 17, 2008

Microsoft Issues Emergency Fix for IE

Don’t panic, but you may be exposing all of your information to hackers by using Microsoft’s (News - Alert) Internet Explorer. Ok, maybe there is room for panic, however don’t fret about it too much because the company is uncharacteristically issuing an emergency fix outside their regularly scheduled release dates.
 
Microsoft’s TechNet site stated, “We are actively working with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) programs to provide information that they can use to provide broader protections to customers. In addition, we’re actively working with partners to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability.
 
“Current trending indicates that there may be attempts to utilize SQL Injection attacks against Web sites to load attack code on those Web sites. If you’re a Web site operation, please review Microsoft Security Advisory (954462), which provides information on tools you can use to analyze your Web site’s code to help protect against SQL Injection attacks.”
 
The hole in its Internet Explorer, the world's most widely used Web browser, software has exposed millions of users to having their computers taken over by hackers. According to the Associated Press, the "zero-day" vulnerability allows criminals to take over victims' machines by steering them to infected Web sites.
 
Users don't have to download a single thing for their computers to get infected, which makes the flaw in Internet Explorer's programming code all the more dangerous.
 
Microsoft said it plans to ship a security update, rated "critical," for the browser on Wednesday. People with the Windows Update feature activated on their computers will get the patch automatically.
 
Hackers have already loaded malicious code onto Web sites and haven't employed a complicated series of workarounds that Microsoft has suggested.
 
Microsoft said it has seen attacks targeting the flaw only in Internet Explorer 7, the most widely used version, but has cautioned that all other current editions of the browser are vulnerable.
 
The company rarely issues security fixes for its software outside of its regular monthly updates. The company last did it in October, and a year and half before that.

Jessica Kostek is a channel editor for TMCnet, covering VoIP, CRM, call center and wireless technologies. To read more of Jessica’s articles, please visit her columnist page.

Edited by Jessica Kostek
FOLLOW US

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter

infoTECH Whitepapers