Internet Explorer Patch Fixes Security Flaw

Microsoft Releases Software Patch for IE 7 Zero Day Attacks

Dec 17, 2008 Mia Carter

Just days after the Internet Explorer security breach was exploited by hackers who targeted thousands of websites, an emergency software patch is released.

On December 17, 2008 Microsoft released an emergency software patch for Internet Explorer, days after a security flaw came to light.

During the second week of December, 2008, when the IE security breach became widely publicized. After discovering the vulnerability in all versions of Microsoft's Internet Explorer software, hackers compromised more than 10,000 legitimate websites, inserting code that infects website visitors' computers with malware and spyware.

Once an Internet Explorer user's computer is infected with the software, the malicious software is then remotely activated and used to obtain the computer user's passwords, credit card numbers and other personal information that can be used for identity theft and fraud.

In response to these Internet Explorer Zero Day Attacks, as they're termed, Microsoft software engineers set to work, creating a software patch that can be installed to repair the IE security hole.

What Do the Internet Explorer Zero Day Attacks Mean for Internet Users?

The Internet Explorer 7 Zero Day Attacks are especially dangerous because no user interaction is required for a user's computer to become infected. Simply visiting a compromised (but otherwise legitimate) website is all that's needed for the exploiters to install malware and spyware into a computer via the hole in the IE software.

Microsoft has been closely following the IE 7 Zero Day Attacks and thus far, more than 60 percent of the affected computers have been located in the United States. Other hard-hit countries include Canada, China and Japan.

In the Microsoft says that thus far, they've seen an array of malware and spyware installed on computers via the Internet Explorer security flaw: "Most commonly password stealers, like new variants of game password stealers like Win32/OnLineGames, and Win32/Lolyda; keyloggers like Win32/Lmir; trojan horse applications like Win32/Helpudalong with some previously unseen malware, which we generically detect as Win32/SystemHijack."

Notably, Microsoft says that most, if not all of those computers infected during these attacks, were running Internet Explorer 7. But further investigation revealed that all versions of Internet Explorer contain versions of the same security flaw.

Where to Find the Internet Explorer Software Patch to Fix the Security Flaw

Due to the large-scale of this security flaw, the problem was deemed "critical" by Microsoft. Microsoft was able to complete work on a Internet Explorer software patch within a matter of days.

In many cases, the availability of this new software patch for the Internet Explorer security flaw will trigger the activation of the automatic software update programs, like Windows Update in PCs and Software Update in Macs. These programs will prompt the user to download the IE software patch.

The Microsoft Internet Explorer security flaw patch is also available for manual download on Microsoft's Download Center. Also available are the latest versions of Microsoft's Malicious Software Removal Tool - a vital download for all PC users.

Microsoft's Malicious Software Removal Tool will search out and destroy malware and spyware which may have been transferred to a user's computer as a result of the Internet Explorer security flaw. Notably, Microsoft's Malicious Software Removal Tool is only available for PCs.

Mac users - especially those who have been running an unpatched version of Internet Explorer in the past couple of weeks - should also run anti-spyware and anti-malware software to remove any malicious programs that have been installed as a result of the IE security breach.

In addition, Microsoft expert and Microsoft Security Response Center blogger Christopher Budd offered the following advice: "[Microsoft security experts have] updated our guidance to recommend that you evaluate implementing two of the workarounds together for the most effective protection. Specifically, we're recommending both setting the Internet zone security setting to High and using ACLs [Access Control Lists] to disable Ole32db.dll. Our research so far has shown that these two steps together provide the most effective protections for this issue."

Check out the article Microsoft Internet Explorer Security Flaw is Identified to learn more about the IE 7 Zero Day Attacks.

The copyright of the article Internet Explorer Patch Fixes Security Flaw in Internet is owned by Mia Carter. Permission to republish Internet Explorer Patch Fixes Security Flaw in print or online must be granted by the author in writing.

Internet Explorer Software Patch Fixes Flaw

What do you think about this article?

---

NOTE: Because you are not a Suite101 member, your comment will be moderated before it is viewable.

post your comment

What is 4+8?