Microsoft issues emergency patch for IE flaw
Microsoft is being forced to step in and patch up the hole at the centre of the battle between Google and China.
Microsoft is to release an emergency patch for the Internet Explorer (IE) flaw that has seen Google and several other major companies hacked over recent months, saying it has little choice given the "escalating threat environment".
Despite claiming that only the ageing Internet Explorer 6 is vulnerable to the attacks, and that they are very limited in nature, the company is nonetheless issuing an out-of-cycle update across the board.
Earlier this week, Microsoft urged users of its IE software to update to the latest version, Internet Explorer 8, but in doing so was forced to concede that both versions 7 and 8 of the software were also vulnerable to the IE6 security flaw that has left US computing giant Google and the Chinese government in a high-profile standoff.
In making the admission, Microsoft was quick to stress that it had not seen successful attacks against IE7 or IE8 as yet, but its researchers had proved the possibility was there.
Writing on the Microsoft Security Response Center blog yesterday, Trustworthy Computing Security general manager George Stathakopoulos said: "Given the significant level of attention this issue has generated, confusion about what customers can do to protect themselves and the escalating threat environment Microsoft will release a security update out-of-band for this vulnerability."
The exact timing of the release will be known later today, but with the next monthly Patch Tuesday window still three weeks away, Microsoft has little choice to break its traditional update protocol.
"We take the decision to go out-of-band very seriously given the impact to customers, but we believe releasing an update out-of-band update is the right decision at this time," Stathakopoulos wrote.
Consumer choice and the payment experience
A software provider's guide to getting, growing, and keeping customersDownload now
Prevent fraud and phishing attacks with DMARC
How to use domain-based message authentication, reporting, and conformance for email securityDownload now
Business in the new economy landscape
How we coped with 2020 and looking ahead to a brighter 2021Download now
How to increase cyber resilience within your organisation
Cyber resilience for dummiesDownload now