Microsoft issues emergency patch for Explorer security hole
Microsoft Corp. took the unusual step of issuing an emergency fix for a security hole in its Internet Explorer software, one that has exposed millions of users to having their computers taken over by hackers.
The "zero-day" vulnerability, which came to light last week, allows criminals to take over victims' machines simply by steering them to infected websites; users don't have to download anything for their computers to get infected, which makes the flaw in Internet Explorer's programming code so dangerous. The vulnerability affects only Internet Explorer — the world's most widely used web browser — and not other browsers such as Firefox, Safari and Chrome.
Microsoft released a security update, rated "critical," for the browser on Wednesday. People with the Windows Update feature activated on their computers will get the patch automatically.
Microsoft said it has seen attacks targeting the flaw only in Internet Explorer 7, the most widely used version, but has cautioned that all other current editions of the browser are vulnerable.
Thousands of websites already have been compromised by criminals looking to exploit the flaw. Hackers loaded malicious code onto those sites that automatically infect visitors' machines if they're using Internet Explorer and haven't employed a complicated series of workarounds that Microsoft has suggested.
Microsoft rarely issues security fixes for its software outside of its regular monthly updates. The company last did it in October, and a year and half before that.