Hackers have posted code on the internet that makes it easier to exploit an unpatched vulnerability in Microsoft's Internet Explorer (IE) browser.
The program, which is based on a critical bug originally disclosed on 22 March, was posted to the Milw0rm.com website, and exploits a flaw in the way IE processes web pages.
Hackers had already been using malware to take advantage of this vulnerability to install unauthorised software on victims' computers, but security researchers believe the new method is more dangerous.
While older versions of the malware could freeze victims' browsers for more than a minute, giving them an opportunity to shut down their computers and stop the malicious code from taking effect, the new software works more quickly, and is likely to be particularly effective on older machines with limited memory and processing capabilities.
The software uses new techniques to avoid certain types of signatures used by anti-virus suppliers, and a fix for the problem from Microsoft is not expected until 11 April, the date of its next scheduled security update.
That prompted two security companies, Determina and eEye Digital Security, to issue unsupported patches for the problem, which tens of thousands of worried users downloaded.
Microsoft has shunned the patches, and recommends that users disable IE's Active Scripting feature as a workaround.
The difficulty for users is whether to wait for a patch from Microsoft or choose an interim solution from a third party, which Microsoft might claim to be risky. You can hardly blame users, however, for rushing to adopt an immediately available solution.