Microsoft finally patches Internet Explorer 6, 7 and 8 security hole

News 14 Jan, 2013

Software giant issues out-of-band fix for remote code execution vulnerability.

Software giant Microsoft has released an out-of-band patch to fix an Internet Explorer (IE) security hole that could leave users’ systems accessible to hackers.

The vulnerability affects IE versions 6, 7 and 8 and has already been used, Microsoft claims, by hackers to carry out targeted attacks.

In a post on the Microsoft TechNet blog earlier this month, the vendor warned that hackers could exploit the vulnerability by hosting malicious websites and using social engineering tools to ensure IE users visit them.

“An attacker who successfully exploited this vulnerability could gain the same user rights as the current user,” the blog added.

Microsoft issued advice about several workarounds users could employ to reduce the risk of their systems coming under attack, but has now plugged the hole with a patch.

The firm came under fire earlier this month after failing to include a fix for the vulnerability in its first Patch Tuesday notification of 2013.

Ross Barrett, senior manager of security engineering at vendor Rapid7, said the hole is only seeing “limited exploitation” in the wild at the moment, but that could soon change.

“It's always a race between security teams and malware writers. In this case, given the attention this vulnerability has received, it likely will not be long before exploitation becomes widespread.

“Getting a fix out under these circumstances is like immunising ahead of an outbreak that has already started,” he added.