Microsoft releases emergency fix

Microsoft has rushed out a security update to patch a flaw in Internet Explorer that left users vulnerable to hackers.

The critical Internet Explorer VML vulnerability, which was found last week, affected ActiveX (used to construct graphics in web pages) and could allow a hacker take control of an affected computer.

Microsoft said on its security blog: “With this particular vulnerability, the biggest concern we had was around risk. This one affected many different platforms in many scenarios that are considered by customers to be common usage.

“While the attacks we saw were very limited, our decision to go out of band on this release was really around the risk in combination with the attacks,” it added.

Microsoft decided to release this update ahead of its scheduled round of security update, usually released the second Tuesday of the month.

According to Sophos, a number of different pieces of malware exploited already the flaw, including Dloadr-ANO, Goldun-EC, and Goldun-EE.

Graham Cluley, senior technology consultant for Sophos, said: "Microsoft's developers were smarting after it was discovered that hackers were actively exploiting a vulnerability for which they had no fix, so it's good news for all Windows users that a patch is now available.”

Security experts advise computer users to ensure their PCs are protected with this patch.

Sophos

Microsoft

More news via RSS Post item to Del.icio.us Post item to Digg.com