The disclosure of an unpatched bug in Internet Explorer that could allow attackers to take over a PC has prompted Microsoft to caution its users. While Microsoft has been analysing the vulnerability to develop a security patch, compromised sites are being used by hackers to launch attacks using the flaw.
Computers running affected versions of Internet Explorer could be infected after opening an email or visiting a web site carrying malicious code. Once infected, the computer could be taken over by a remote attacker, who could steal data or use the infected computer to attack others.
Microsoft is warning users to exercise caution when opening email messages, and web links in email messages, from untrusted sources.
Carole Theriault, senior security consultant at Sophos, said,
"With no patches yet available to plug this hole, both home users and businesses need to exercise caution here. Users without any additional security measures, such as firewall and anti-virus software, and users who surf the web and open emails and without care, are at much higher risk that those who practice safe computing."
According to Microsoft Security Response Center blog, Microsoft is "working day and night" on development of a security update for Internet Explorer that addresses this vulnerability. It remains unclear whether Microsoft plans to release the fix in its next scheduled security update, 11 April, or whether it is considering an out-of-cycle fix release.
More information is available at http://www.microsoft.com/technet/security/advisory/917077.mspx
|
|
Reader Comments: 0
