UPDATE: Patch Now Available:
Microsoft is issuing an update to Internet Explorer today that patches the serious security issue in its browser that we reported (see below). This issue came to light over the weekend, and what made it especially problematic was that it involved every version from IE 6 forward.
Windows XP users, however, cannot update their browser beyond version 8 and Microsoft is not patching XP anymore at this point in its life cycle. For this bug, however, Microsoft has made an exception and it is patching IE on Windows XP as well.
“The security of our products is something we take incredibly seriously. When we saw the first reports about this vulnerability we decided to fix it, fix it fast, and fix it for all our customers. The update that does this goes live today at 10 a.m. PST,” said Adrienne Hall, General Manager, Microsoft Trustworthy Computing in a statement today.
The update will take place automatically and users will not need to take any action themselves to get this patch.
The security issue allows hackers to execute code remotely on an affected machine if users visit a malicious site. IE 10 and 11 users were relatively safe thanks to the enhanced Protected Mode these browsers offer. Older versions of IE, which are still widely used, don’t offer this feature.
Many schools work on systems that encourage the use of the web browser Internet Explorer, which usually comes pre-installed with many server systems. However, the U.K. and USA governments are advising that people switch browsers until a major security fix has been released by Microsoft. A zero-day flaw has been revealed in Internet Explorer versions 6, 7, 8, 9, 10 and 11, according to Microsoft.
Many schools use Internet Explorer by default, but technicians and IT Managers are being advised to deploy alternative browsers on all systems as a matter of urgency until the security flaw is patched, at which point Internet Explorer should be updated just as urgently.
The flaw allows for “remote code injection,” which is quite nasty. Microsoft states that it is “aware of limited, targeted attacks that attempt to exploit [the] vulnerability.” So this is hot and live. The flaw “exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated.”
Microsoft are currently working on a security patch – we will update this story when we hear of its release. In the meantime, all users/institutions/schools are advised to use the internet via: Google Chrome; Firefox; Opera; Safari; or other browsers freely available on the internet.