Microsoft releases emergency patch to fix Internet Explorer

Microsoft will today release an emergency out-of-band patch which aims to fix a widely-reported vulnerability in virtually all versions of Internet Explorer.

Concern had reached fever-pitch as attacks on the browser escalated to take advantage of the flaw, which affected not only the current Internet Explorer 7, but IE 5.01 SP4, IE 6 SP1 and IE 8 Beta 2.

The critical out-of-band update follows the discovery of password-stealing Trojans on various sites centred in China. Hackers have exploited this by using SQL injection techniques, which create malicious links on legitimate websites.

The out-of-band update will be the second emergency patch released by Microsoft in the last few months. The first emergency patch was also marked as critical, and fixed a flaw which let an attacker take control of a target’s computer.

A spokesperson at security firm McAfee said: “Microsoft has issued 77 Security Bulletins in 2008, compared with 69 bulletins in 2007 and 78 in 2006.

“The number of Security Bulletins isn’t decreasing, indicating that security problems in Microsoft software aren’t likely to become a thing of the past anytime soon.”

However Internet Explorer isn’t the only browser needing patching, as Mozilla also rolled out a final security fix for Firefox 2 as a new version of Firefox 3 which plugs three critical vulnerabilities and a number of other lower priority issues.

Opera has also released a ”recommended security upgrade” that fixes a number of security vulnerabilities, including some marked “extremely” and “highly severe”.

The patch should be available after 6pm today.

Email to a friend

Print this page