Microsoft rushes to patch hole in Internet Explorer

20 septembre 2012

Having recently discovered that malware is being installed on products before they leave the assembly line, Microsoft is back under the security spotlight after telling users that Internet Explorer, its global web browser, could open the door to cybercriminals.

According to Reuters, the hole in the popular browser was discovered on September 14, when a security expert in Luxemburg realized that his PC had been infected with the Poison Ivy virus. The malware is designed to breach web security protocols and allow PCs to be remotely controlled from another location, with cybercriminals the most likely recipients of any stolen data.

Microsoft moved quickly to reassure users that it was working on the problem, and advised anyone who felt vulnerable to attack to download a free patch, the Enhanced Mitigation Toolkit, as a temporary data protection fix, while the company developed a long-term solution. However, security experts warned that the software was cumbersome and would require users to manually configure the settings to stop Poison Ivy, and it would probably be easier to surf the web on another, less compromised, browser.

Germany rings alarm bells
The breach of one of the oldest web browsers on the internet set alarm bells ringing in Germany, where, according to Reuters, the government urged users to switch to another browser as officials feared that hackers would use the virus to spread chaos through infected PCs. Poison Ivy is considered a "zero-day" virus, a rare form of malware that is dangerous to users because it is so new. Only eight of these were discovered in the whole of 2011, but bearing in mind the high-profile nature of the browser that it exploited, Microsoft is working around the clock to develop a security update.

"We have received reports of only a small number of targeted attacks and are working to develop a security update to address this issue," said Yunsun Wee, a spokesperson for the company. "We are taking this proactive step to help ensure Internet Explorer customers are protected and able to safely browse online."

Microsoft has not confirmed how long it will take to patch the hole, but the browser has been popular since it was launched in 1995. In 2002, it had a 95 percent usage share of the market, and, while this has dropped significantly as other web browsers such as Mozilla, Safari, Chrome and Firefox have entered the marketplace, figures show that it was second only to Google Chrome in August of this year with 33 percent of market share.

-McAfee Cloud Security