Microsoft has confirmed that it is working on an update to address a recently-disclosed vulnerability in its Internet Explorer web browser.
The company said on Tuesday that it will be preparing an unscheduled update to address the remote code vulnerability, the exact availability of which will be revealed Wednesday.
Such fixes forego the company's monthly release schedule and are generally only deployed in the case of a case of a high-profile unpatched flaw which is being actively targeted.
In this case, the vulnerability is a remote-code execution flaw in IE which can allow for a specially crafted web page to crash the browser and remotely install software. The vulnerability is believed to be the attack vector used in the so-called Operation Aurora attacks on Google and Adobe.
Microsoft recommended that users update their browser to help mitigate the threat of an attack.
"To date, the only successful attacks that we are aware of have been against Internet Explorer 6," wrote Microsoft Trustworthy Computing Security manager George Stathakopoulos in an update posted to the company's security blog.
"We continue to recommend customers update to Internet Explorer 8 to benefit from the improved security protection it offers."
Other security groups, however, are proposing more drastic actions. Government computer security agencies in both Germany and France are advising users to stop using IE altogether until a fix from Microsoft can be released.
No comments:
Post a Comment