Microsoft Latest Hack Involves "Errant Ampersand"

Microsoft Corp. On Tuesday ascertained that a single extra character in its own coding is accountable for the bug that has enabled hackers to exploit its signature web browser Internet Explorer (IE) since earlier this month.

The announcement made by the software company has been in line with the similar discoveries brought forth by a pair of German researchers who analysed a flaw in a Microsoft-manufactured ActiveX control around three weeks ago.

The company has claimed an errant ampersand, “&”, responsible for the bug that paved way for carrying out exploits on IE web browser, Microsoft admitted in a blog post published at its Security Development Lifecycle (SDL) website.

A security program manager at Microsoft, Michael Howard, notified in his blog post that the typo actually corrupted the code of an ActiveX control employed by the web browser. The control was developed by using an older library of codes containing flaws, Howard admitted.

In order to address these flaws relating to ActiveX components, Microsoft has issued an emergency fix for IE, as well as for Visual Studio that use the same library of codes, referred to as Active Template Library (ATL).