By Austin Modine for The Register. This story has
been reproduced with permission.
Redmond issued
advanced notice for tomorrow's fix, describing the out-of-cycle
patch as protection from "remote code execution."
Unscheduled updates are pretty rare for Microsoft, stressing the
potentially serious nature of the flaw. Although the last time
Microsoft broke it's update cycle was
in late October – it was the first time it had done so in about
18 months.
The latest zero-day vulnerability stems from data binding bugs
that allows hackers access to a computer's memory space, allowing
attackers to remotely execute malicious code as IE crashes,
Microsoft has said.
Although the exploit was at first contained to warez and porn
sites hosted on a variety of Chinese domains, the malicious
JavaScript code has since spread to more trusted sites though SQL
injection. The flaw is primarily being used to steal video game
passwords at present, but could potentially be used to retrieve
more critical sensitive data from users as well.
The vulnerability is specifically targeted at surfers running IE
7, but it's also known to affect versions 5, 6, and 8 of the
browser as well. All IE users are advised to install the
update.
Microsoft's emergency patch will become available Wednesday at 1
PM EST from auto-update and the Microsoft Download
Center. A separate patch will be made available for those
running IE8 Beta 2.
© The Register
2008
Disclaimer: We hope you find OUT-LAW’s content useful. It’s prepared by the lawyers at Pinsent Masons. Please remember, though, that it’s intended as general information only. It’s not legal advice. If that’s what you’re seeking, please
contact us. See also: our
full disclaimer
