Microsoft scrambles to fix Internet Explorer bug

Security flaw in browser is already being used in ‘limited, targeted attacks’

Microsoft is rushing to fix a security flaw in its Internet Explorer browser that is already being used in “limited, targeted attacks”. Photo: Bloomberg
Microsoft is rushing to fix a security flaw in its Internet Explorer browser that is already being used in “limited, targeted attacks”. Photo: Bloomberg

Microsoft is rushing to fix a security flaw in its Internet Explorer browser that is already being used in "limited, targeted attacks."

To take over a user’s personal computer through the browser’s vulnerability, a hacker would have to persuade that person to click on a link to view a malicious website, Microsoft said in a security advisory.

The flaw exists in Internet Explorer versions 6 through 11, which means it will affect users of Windows XP, the operating system that Microsoft stopped supporting with security updates earlier this month.

Fifty-eight per cent of all desktop PCs run some edition of Internet Explorer, according NetMarketShare, compared with 18 per cent for Google’s Chrome, the second most-popular browser.

READ MORE

“An attacker who successfully exploited this vulnerability could gain the same user rights as the current user,” Microsoft said in the advisory, issued on April 26.

“On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out- of-cycle security update, depending on customer needs.”

Symantec, the biggest maker of PC-security software, advised customers to switch to another browser until Microsoft releases a software patch to fix the vulnerability and to use a security mitigation tool kit that Microsoft recommended and that will work with Windows XP.

Bloomberg