Home1
Microsoft patches Internet Explorer hole Fri Jan 22, 2010 2:13 pm
Sanket
Administrator
Posts : 6222
Points : 392
Location : Mumbai
Browser :
Microsoft has released a fix for a hole in Internet Explorer that was the weak link in a "sophisticated and targeted" cyber attack on Google.
Microsoft recommends that customers install the update as soon as possible or update to the latest version of the web browser for "improved security".
Microsoft normally issues patches monthly but the high-profile nature of the attacks led it to act more quickly.
The patch - MS10-002 - was released worldwide at 1000 PST (1800 GMT).
"It addresses the vulnerability related to recent attacks against Google and small subset of corporations, as well as several other vulnerabilities," the firm said.
"Once applied, customers are protected against the known attacks that have been widely publicised."
Microsoft has admitted that it has known about the vulnerability since "since early September" 2009 and had planned to patch it in February.
Trojan Horse
Google threatened to withdraw from the Chinese market following attacks on its infrastructure.
The hacks - thought to have originated in China - targeted the Gmail accounts of Chinese human rights activists.
Following Microsoft's revelation that Explorer had been used in the attacks, the French and German governments advised their citizens to switch to a different browser until the hole had been closed.
The UK government downplayed the threat and said there was "no evidence that moving from the latest fully patched versions of Internet Explorer to other browsers will make users more secure".
However, Microsoft has taken the unusual step of patching the hole nearly three weeks ahead of its regular security update.
The new patch is available via the Microsoft Update site and will also be fed out to those who have their machines set to update automatically. All versions of Internet Explorer will receive the update.
Malicious code exploiting the weakness is known to be circulating on the web, said security experts.
If a web user were to visit a compromised site using a vulnerable browser, they could become infected with a "trojan horse", allowing a hacker to take control of the computer and potentially steal sensitive information.
Microsoft said on 18 January that the firm had only seen malicious code that targeted the older version of its browser, IE6 and that there were "very few" infected sites on the web.
But security firms had said they had seen "copycat" sites trying to exploit the vulnerability.
The bad publicity has allowed rivals such as Firefox to gain market share.
According to web analytics company StatCounter Firefox is now a close second to Internet Explorer (IE) in Europe, with 40% of the market compared to Microsoft's 45% share.
In some markets, including Germany and Austria, Firefox has overtaken IE, the firm said.
Mozilla, the foundation behind Firefox has just released the latest version (3.6) of the open-source browser.
Microsoft recommends that customers install the update as soon as possible or update to the latest version of the web browser for "improved security".
Microsoft normally issues patches monthly but the high-profile nature of the attacks led it to act more quickly.
The patch - MS10-002 - was released worldwide at 1000 PST (1800 GMT).
"It addresses the vulnerability related to recent attacks against Google and small subset of corporations, as well as several other vulnerabilities," the firm said.
"Once applied, customers are protected against the known attacks that have been widely publicised."
Microsoft has admitted that it has known about the vulnerability since "since early September" 2009 and had planned to patch it in February.
Trojan Horse
Google threatened to withdraw from the Chinese market following attacks on its infrastructure.
The hacks - thought to have originated in China - targeted the Gmail accounts of Chinese human rights activists.
Following Microsoft's revelation that Explorer had been used in the attacks, the French and German governments advised their citizens to switch to a different browser until the hole had been closed.
The UK government downplayed the threat and said there was "no evidence that moving from the latest fully patched versions of Internet Explorer to other browsers will make users more secure".
However, Microsoft has taken the unusual step of patching the hole nearly three weeks ahead of its regular security update.
The new patch is available via the Microsoft Update site and will also be fed out to those who have their machines set to update automatically. All versions of Internet Explorer will receive the update.
Malicious code exploiting the weakness is known to be circulating on the web, said security experts.
If a web user were to visit a compromised site using a vulnerable browser, they could become infected with a "trojan horse", allowing a hacker to take control of the computer and potentially steal sensitive information.
Microsoft said on 18 January that the firm had only seen malicious code that targeted the older version of its browser, IE6 and that there were "very few" infected sites on the web.
But security firms had said they had seen "copycat" sites trying to exploit the vulnerability.
The bad publicity has allowed rivals such as Firefox to gain market share.
According to web analytics company StatCounter Firefox is now a close second to Internet Explorer (IE) in Europe, with 40% of the market compared to Microsoft's 45% share.
In some markets, including Germany and Austria, Firefox has overtaken IE, the firm said.
Mozilla, the foundation behind Firefox has just released the latest version (3.6) of the open-source browser.
