informa
2 min read
article

Emergency Microsoft Internet Explorer Patch Arrives Thursday

The IT world sighed with relief at the news that Microsoft is releasing an out-of-band patch for Internet Explorer on Thursday, Jan. 21.
The IT world sighed with relief at the news that Microsoft is releasing an out-of-band patch for Internet Explorer on Thursday, Jan. 21.In a security advisory posted on its Website, Microsoft announced the emergency patch will not only address attacks that are targeting Internet Explorer 6 users, but it will also fix the vulnerability in versions 7 and 8 of the popular Web browser.

That's not just news for Internet Explorer users, of course. It's also positive news for the folks at Microsoft, who must have been smarting to learn rivals Firefox and Opera have seen an increase in downloads since European governments advised users to switch browsers.

I was always a bit wary of that advice, anyway. Many firms have found it hard enough to switch from the (now somewhat creaky) Internet Explorer version 6 to the latest edition, let alone deal with the possible complications that could arise when you change to another browser that your users might not be familiar with and that might not work with some of your Web applications.

It's good news for those of us who aren't working for one of the 30-odd companies targeted by Chinese hackers, too, since we are beginning to see other cybercriminals exploiting the flaw and placing it on copycat Websites in the hope of infecting unsuspecting users.

As you can see in the following video, it's really not hard to take advantage of the Internet Explorer exploit:

Microsoft should be praised for its rapid response to a critical situation. It couldn't have been easy for its team to produce the patch so quickly after news of the "Operation Aurora" hack attack broke. The Internet will be a little bit safer once everyone rolls out the patch.

Graham Cluley is senior technology consultant at Sophos, and has been working in the computer security field since the early 1990s. When he's not updating his award-winning blog on the Sophos website, you can find him on Twitter at @gcluley. Special to Dark Reading.