The US software giant said that in response to “the threat to customers” it immediately mobilised security engineering teams worldwide to deliver a software cure “in the unprecedented time of eight days.”
According to researchers at software security firm Trend Micro, attacks based on the vulnerability in the world’s most popular Web browser are spreading “like wildfire” with millions of computers already compromised.
Microsoft typically releases patches for its software on the second Tuesday of each month and rushing this fix to computer users out-of-cycle is testimony to the severe danger of the threat, according to Trend Micro.
“Microsoft releasing emergency patch for perilous IE flaw”
(As seen on /.)
The mainstream press and consumer IT news services are starting to pick up on the issue. Not surprisingly, there is a fair amount of disbelief that M$ are so blithely just advising users to be cautious rather than providing a real fix.
As mentioned previously, the greater worry is not user computers becoming infected due to the flaw, but rather the trend of infections hitting legitimate web sites, which spreads the problem more widely. The obvious greatest concern would be if the non-technical news sites (e.g. BBC, CNN, etc.) became compromised, as the flow-on would undoubtedly eventually hit the online financial services (i.e. banks) sites.
So, how long can M$ persist in playing the role of Nero* before people start to vote with their feet (or fingers) and switch to non-IE browsers?
“If users can find an alternative browser, then that’s good mitigation against the threat.”
But Microsoft counselled against taking such action.
“Hackers Compromise Legit Web Sites to Target Microsoft IE Flaw”
“Serious security flaw found in IE”
*Nero of “fiddled while Rome burns” fame rather than the CD burning variety.