Microsoft confirms IE bugs - fix due in two weeks

Microsoft has confirmed the existence of code that could be used by hackers to exploit a security bug in its Internet Explorer web browser.

Microsoft has confirmed the existence of code that could be used by hackers to exploit a security bug in its Internet Explorer web browser.

The confirmation comes after three separate reports of security flaws in Internet Explorer earlier this week.

In an advisory notice, the software giant confirmed that a vulnerability in the browser could allow hackers to execute arbitrary code on the user's system.

Microsoft said, “We have seen examples of proof-of-concept code but we are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time.”

Attackers would not be able to exploit the bug to force users to visit a malicious website, but could lure victims through e-mail or specially designed web banner advertisements.

In an e-mail based attack, users would have to click a link to the malicious site or open an attachment that exploits the flaw.

Microsoft said it was continuing to investigate and would produce additional guidance where necessary.

A security update would be provided through the regular monthly patch release or a special one-off release, the company said. The next scheduled patch release is on Tuesday 11 April.


 

Read more on IT risk management

SearchCIO
SearchSecurity
SearchNetworking
SearchDataCenter
SearchDataManagement
Close