An advance notification of the patch published Tuesday describes it as protection for a “remote code execution” vulnerability. The move follows Microsoft’s security advisory posted last Wednesday and updated Monday explaining the vulnerability and suggesting temporary “workarounds” for protection.
The flaw can be used to let attackers steal personal data such as passwords if a user visits a compromised Web site, of which at least 10,000 are thought to already exist. Thus far, the vulnerability has been used primarily for grabbing gaming passwords for black market sales. The hole could, however, potentially also be used to steal more sensitive information such as banking passwords and other private information.
Microsoft’s emergency security patch will become available Wednesday at 1 p.m. EST at the Microsoft Update site as well as at the Microsoft Download Center. All users of IE5, 6, and 7 are advised to install it. A separate patch is expected to be made available for users of IE8 Beta 2. Expect to see far more detail by midday Wednesday when Microsoft officially issues its security bulletin.
When you purchase through links in our articles, we may earn a small commission. This doesn't affect our editorial independence.