IE Exploit Makes it Even Less Secure… Patch IE NOW!
We all know that it is a fact that Internet Explorer is sorry, and it’s mother dresses it funny. It is the most insecure browser on the Internet, and should never be used. HOWEVER, you should still patch this latest exploit with the fix, because it is even worse than the normal IE insecurities. Ouch. Yes, Microsoft is lame… again.
Microsoft issues patch to fix Internet Explorer security gap
“Microsoft has released an emergency software fix for Internet Explorer after hackers exploited a security flaw in the browser to attack an unknown number of users.
Named Fix It, the software patch is Microsoft’s response to learning about ‘extremely limited, targeted attacks’ that made use of the newly discovered bug.
The announcement comes hours after the company has initiated a massive share buyback worth $40bn believed to raise its dividend pay-out to shareholders by 22 per cent.
According to Microsoft’s statement, hackers took advantage of a previously unknown bug to conduct a series of zero-day attacks – those occurring immediately after the discovery, giving software developers no time to address the issue.
Experts believe state-sponsored hacking groups frequently pay thousands of dollars to find and exploit zero-day vulnerabilities in widespread software, such as the Internet Explorer.
To keep the gap secret as long as possible, only a very small number of carefully selected, high-value targets, is attacked initially.
After a warning about a zero-day bug is officially issued, hacking groups will embark on an engineering operation to build computer viruses based on Fix It’s architecture, trying to exploit the same gaps for massive cyber-crime operations, such as identity theft.
Security experts have advised users to either immediately install Fix it or switch to another browser until a regular software update addressing the shortcoming is made available.
‘With the Fix It out, I’m sure any attacker who is a bit sophisticated can figure out what the flaw is and implement a similar exploit in their own attack toolkit,’ said Wolfgang Kandek, chief technology officer at the cyber-security firm Qualys.
Unlike a conventional update, which is installed automatically, Fix It type of software needs to be downloaded and installed by the user on his/hers PC.
Experts believe Microsoft will try to make a proper update ready in two or three weeks. Until then, users can find and install Fix It from Microsoft’s support site.”