Microsoft has confirmed a new security vulnerability in its Internet Explorer browser and says it plans to issue a patch for the problem on 10 October, its next scheduled monthly patching date.
The confirmation follows reports from various security software companies that exploit code for the vulnerability has already been circulated and is initially targeting users who visit porn sites.
As a result, users risk opening up their systems to spam, adware and spyware, and could risk having their machines being taken over completely by remote attackers.
If the problem escalates, said Microsoft, it may distribute a patch to the problem before 10 October.
Microsoft said the vulnerability was in Windows’ implementation of the Vector Markup Language (VML).
The company said, “Microsoft is aware of the public release of detailed exploit code that could be used to exploit this vulnerability. Based on our investigation, this exploit code could allow an attacker to execute arbitrary code on the user's system. Microsoft is aware that this vulnerability is being actively exploited.”
Microsoft added, “A security update to address this vulnerability is now being finalised through testing to ensure quality and application compatibility, Microsoft’s goal is to release the update on 10 October , or sooner depending on customer needs.”
The company is already dealing with another Internet Explorer hole that appeared at the end of last week. Users are also still waiting for a patch to solve that problem too.
Vote for your IT greats
Who have been the most influential people in IT in the past 40 years? The greatest organisations? The best hardware and software technologies? As part of Computer Weekly’s 40th anniversary celebrations, we are asking our readers who and what has really made a difference?
Vote now at: www.computerweekly.com/ITgreats