Microsoft Readies Critical IE7 Patch

Citing the gravity of a critical vulnerability in Internet Explorer 7, which is being exploited by hackers to launch remote code execution on users’ computers, Microsoft will be issuing an out-of-cycle patch today to plug the security hole.

The vulnerability owes to inadequate handling of DHTML data bindings due to a memory corruption error, and enables hackers to execute codes on victim’s computer remotely as the web browser crashes, the company noted.

Hackers have already been exploiting the vulnerability for more than a week, with the count getting increased significantly over the weekend, as the hackers have started using SQL injection to infect some of the legitimate websites.

Though the vulnerability is largely being employed to steal video game passwords, it could potentially be used to steal other crucial information from victims’ computers.

Initially, the flaw was thought to be affecting IE7 only, but recent reports suggest that it could possibly affect IE5, IE6, and IE8 as well; moreover, the severity of the vulnerability is evident by the fact that Microsoft has issued an out-of-cycle security patch for the second time in 18 months.

Meanwhile, an anti-virus firm, Symantec has notified that users in Asia have been affected most by this flaw. The security patch will be available as an auto-update, or can be downloaded from Microsoft Download Center.

Our Comments

Good to see that Microsoft is working round the clock to solve a vulnerability that could affect millions. No browser is 100 percent safe and the onus is ultimately on the user to make sure that he or she is not taking any chances with dodgy websites.

Related Links

Microsoft issues emergency patch warning for IE

(The Register)

Microsoft plans emergency IE7 patch


Microsoft pushes emergency patch for Internet Explorer

(PC Pro)

Internet Explorer patch out later today

(Computer Weekly)

Microsoft Scrambles To Fix Flaw

(Sky News)

Internet Explorer users warned to change browser over security fears

(Times Online)

Microsoft preps emergency IE patch for Wednesday release

(Computer World)