Microsoft: IE Patch to be Released Soon to Plug Brower’s Security Hole
Microsoft said on Wednesday that another fix on the freshly identified security hole in Internet Explorer will be dispatched in the next few days, insisting that the patch should temporarily protect millions of global users while engineers work for an IE update.
In a blog post, Microsoft's Trustworthy Computing director Yunsun Wee told IE users that the new Fix-it will shut down the back door on the browser's zero-day vulnerability that was identified over the weekend.
Once installed, the security fix will prevent Poison Ivy from installing into a machine, Microsoft said. The Trojan lies in waiting on specific sites and will creep into systems that visit them using the software giant's in-house browser.
Infected machines, according to Ars Technica, would be rendered open house for cyber criminals "to remotely issue commands and monitor e-mail and instant message communications."
While alarms raised by experts were valid, Ms Yee said on her post that "we have only seen a few attempts to exploit the issue, impacting an extremely limited number of people."
The move, she added, is Microsoft's "proactive step to help ensure Internet Explorer customers are protected and able to safely browse online."
Fix-it, according to Ms Yee, is a breeze to install on PCs and is compatible to existing IE versions. "It won't require a reboot of your computer," she added.
"The Fix it is an easy-to-use, one-click, full-strength solution any Internet Explorer user can install. It will not affect your ability to browse the Web, and it will provide full protection against this issue until an update is available," Ms Yee said.
PC users would also bring in more defence mechanism to their systems by downloading and installing the Enhanced Mitigation Experience Toolkit or EMET.
This Microsoft tool, CNET said, will try "to ward off attacks on software holes by putting up a wall of security obstacles that the malware writers must circumvent."
Microsoft also advised PC owners to update their security softwares - anti-virus, anti-spyware and firewall - and ensure that they run properly while online.
Other security pointers from Ms Yee can be viewed on the Microsoft Security Response Centre page, which is accessible via this link: http://blogs.technet.com/b/msrc/.
But the easier solution available for PC users at the moment, according to security experts, is to ditch IE until such time that the browser's security exploits have plugged by Microsoft.
The German government, in fact, has called on the country's net surfers to avoid IE for now to effectively dodge any hacking attempts.