TechThisOut!

Microsoft is considering releasing a fix for a bug in Internet Explorer, as malicious hackers are actively exploiting the bug online. The bug could be deemed serious enough that waiting for the usual monthly patches would put too many users at risk.

The bug means that “hackers” can take over Windows machines and install ad/spyware which could not only annoy alot of users, but compromise the security of online activities such as online banking.

It was discovered by anti-spyware firm Sunbelt Software on 21 September, and can be exploited by using the weaknesses found in the way Internet Explorer handles vector graphics.

Sites found by Sunbelt used this vulnerability to install huge amounts of spyware and adware on a PC, hijack it for other malicious reasons, or install keyloggers, despite the machine being patched with the latest updates.

According to Microsoft, who are monitoring the situation, attacks are not yet widespread or too critical, which could be why they have not yet released a patch. With their blog stating that :”The primary driver here is quality and protecting customers, not adherence to the monthly schedule”.

Many unofficial patches are being released, but Microsoft is not endorsing them in any way.

Update (27/09/2006): Microsoft released a fix for the above earlier today which can be downloaded via Windows Update.