Microsoft Corporation released an emergency software fix for its Internet Explorer browser on Tuesday after hackers exploited a security loophole in the browser to attack a number of users. Microsoft said on its website that it released the “Fix It” software as an emergency stopgap to protect its customers after learning about the “extremely limited, targeted attacks” that made use of the newly discovered loophole.
Microsoft said the attacks took advantage of an undiscovered flaw, or “zero day” vulnerability in industry parlance. State-sponsored hacking groups are often willing to pay hundreds of thousands of dollars for zero-day vulnerabilities in widely used software such as Internet Explorer, according to security experts who track that market.
They typically use them on a small number of carefully selected, high-value targets, so that the flaws remain a secret for as long as possible. A flow-on effect of Microsoft issuing warnings about zero-day flaws or bugs is that other hackers involved in cyber crime and identity theft try to reverse engineer the “Fix Its” so that they can build viruses or trojans that use those same flaws.
Experts from top security firms say IE users should either stop using the browser until Microsoft can update the whole browser or install the Fix It as soon as possible.
“With the Fix It out, I’m sure any attacker who is a bit sophisticated can figure out what the flaw is and implement a similar exploit in their own attack toolkit,” said Wolfgang Kandek, chief technology officer with the cybersecurity firm Qualys Inc.
“Fix Its” are pieces of software for remediating security flaws that must be downloaded and installed on PCs. They are designed to protect customers while Microsoft prepares official updates, which are delivered automatically via the Internet and installed on computers.
Mr Kandek believes Microsoft will release an update to fix the issues within the next two to three weeks.