Microsoft yesterday released a security update it hopes will address reported attacks on PCs via flaws in versions of Internet Explorer (IE), after cyber criminals used the loophole to attack users’ systems last week.
The flaw, which Luxembourg-based security expert Eric Romang first spotted after Poison Ivy attacked his computer last week, is traceable in all IE versions except IE 10.
According to reports, cyber criminals used the flaw to install the Poison Ivy trojan on users’ computers. Microsoft later assured IE users that an “extremely limited number of attacks” had been reported.
The flaw can allow hackers to take remote control of a PC and steal data.
The majority of users have automatic updates enabled for automatic download and installation of the MS12-063 update, Microsoft said.
“For those manually updating, we encourage you to apply this update as quickly as possible. This will not only reinforce the issue that the Fix It addressed, but cover other issues as well,” Yunsun Wee, director of Microsoft Trustworthy Computing, said.
This comes days after Microsoft released a short-term software fix for the malware in its Web browser.
The Fix It tool was “an easy, one-click solution” that helped protect computers, although it was not intended to replace any security update.
Microsoft had earlier suggested workarounds including downloading its disabling Enhanced Mitigation Experience Toolkit, Active Scripting and Active X controls, or changing the security-zone settings on the IE to “high” and running the browser in a restricted mode.
Such vulnerabilities are rare, thus making them dangerous, according to Internet security firm Symantec. Last year, only eight cases of similar software bugs were reported.
“Any time you see a zero-day like this, it is concerning. There are no patches available. It is very difficult for people to protect themselves,” Symantec research manager Liam O Murchu told the BBC.
“MS12-063 also resolves four privately disclosed vulnerabilities that are currently not being exploited,” Yunsun said.
Internet Explorer is the third most popular browser in Africa, with a 25 percent market share, behind Firefox and Google Chrome with 40 percent and 30 percent respectively.
