ID: IRCNE2013011736
Date: 2013-01-15
According to “ITPro”, software giant Microsoft has released an out-of-band patch to fix an Internet Explorer (IE) security hole that could leave users’ systems accessible to hackers.
The vulnerability affects IE versions 6, 7 and 8 and has already been used, Microsoft claims, by hackers to carry out targeted attacks.
In a post on the Microsoft Technet blog earlier this month, the vendor warned hackers could exploit the vulnerability by hosting malicious websites and use social engineering tools to ensure IE users visit them.
“An attacker who successfully exploited this vulnerability could gain the same users rights as the current user,” the blog added.
Microsoft issued advice about several workarounds users could employ to reduce the risk of their systems coming under attack, but has now plugged the hole with a patch.
The firm came under fire earlier this month after failing to include a fix for the vulnerability in its first Patch Tuesday notification of 2013.
Ross Barrett, senior manager of security engineering at vendor Rapid7, said the hole is only seeing “limited exploitation” in the wild at the moment, but that could soon change.
Related Posts:
Microsoft to issue emergency IE patch before next Patch Tuesday
- 2