Citing the gravity of a critical vulnerability in Internet Explorer 7, which hackers are exploiting to execute code remotely on users’ computers, Microsoft will issue an out-of-cycle patch today to plug the security hole.
The vulnerability is a memory corruption error arising from inadequate handling of DHTML data bindings, and it enables hackers to execute code remotely on a victim’s computer as the web browser crashes, the company noted.
Hackers have already been exploiting the vulnerability for more than a week, and exploitation increased significantly over the weekend as they started using SQL injection to infect some legitimate websites.
Though the vulnerability is largely being employed to steal video game passwords, it could potentially be used to steal other crucial information from victims’ computers.
Initially, the flaw was thought to affect IE7 only, but recent reports suggest that it could possibly affect IE5, IE6, and IE8 as well; moreover, the severity of the vulnerability is evident from the fact that Microsoft has issued an out-of-cycle security patch for the second time in 18 months.
Meanwhile, anti-virus firm Symantec has reported that users in Asia have been affected most by this flaw. The security patch will be available as an auto-update, or can be downloaded from the Microsoft Download Center.
Good to see that Microsoft is working round the clock to solve a vulnerability that could affect millions. No browser is 100 percent safe and the onus is ultimately on the user to make sure that he or she is not taking any chances with dodgy websites.