Microsoft releases patch to fix critical vulnerability

Software giant Microsoft has finally released a patch for its Internet Explorer software that was reportedly allowing hackers to infiltrate email accounts and is believed to have led to cyber-attacks on businesses including Adobe and Yahoo.

But the fix may have come too late, with figures suggesting users have migrated to rival browsers such as Mozilla Firefox, Opera and Google Chrome.

After days of waiting for a patch, Microsoft finally released the update outside of its regular schedule early this morning. But while the company says the fix will update users’ software to protect them against outside invasions, it also recommends users update to the latest version.

Users can find the update here.

“Once applied, customers are protected against the known attacks that have been widely publicised. We recommend that customers install the update as soon as it is available.”

“In the meantime, Microsoft strongly recommends customers who are using Internet Explorer 6 or 7 upgrade to Internet Explorer 8 (IE8) to help mitigate the current security vulnerability.”

The vulnerability came to light after a large number of cyber attacks were directed towards a group of internet companies. Security firms have alleged the attacks originated from within China, prompting Google to threaten abandoning its operations in the country.

But since the attacks, official warnings from the French and German governments have advised internet users to switch their browsing software. The attacks were made using a coding vulnerability in Internet Explorer 6, and many users have abandoned that software for rival browsers.

Ken Kovash from the Mozilla metrics team told V3 the company had recorded higher downloads in France, while a graph released by the company shows a surge in Germany since January 14.

“We can see an uptick in web site traffic from people in France since yesterday, but the impact on downloads will take another day or two to show up in our download numbers,” he said.

Additionally, Opera chief development officer Christen Krogh also said: “We have seen a significant rise in France and Germany where the governments warned against the use of IE, but also in other regions as consumers start to think more carefully about their browser choices for security reasons”.

This is a big hit for Microsoft and Internet Explorer, which controls about 70% of the browser market worldwide. The latest security blunder could give other browsers, such as Google Chrome, a long-awaited boost.

However, Microsoft has said users shouldn’t be lured into a false sense of security with other browsers, suggesting every piece of software has its own vulnerabilities.

It is important to note that all software has vulnerabilities and switching browsers in an attempt to protect against this one, highly publicised, but currently limited attack can inadvertently create some false sense of security.

Security firms have advised users to keep an eye out for future attacks, with Symantec telling Internet Explorer users to update their software as quickly as possible.

“The most likely attack vector appears to be targeted emails containing legitimate looking attachments or links to websites sent to high-level employees. When the attachment is opened, an exploit for the vulnerability is activated and the computer becomes infected.”

“Symantec strongly encourages users to patch their systems against this vulnerability. In addition, enterprises are encouraged to consider implementing an automated patch management solution to help mitigate risk.”