Picking up the pace on fixing the critical security vulnerability that affects Internet Explorer (IE) 6 and 7, especially after the recent public release of exploit code by Israeli security researcher Moshe Ben Abu, Microsoft has announced that it is testing a patch to address the flaw.
Though the company refrained from specifying when the emergency fix will be delivered, Jerry Bryant, a senior manager at the Microsoft Security Response Center (MSRC), revealed that the release of the exploit code indicated that a patch might be issued before Microsoft’s ‘Patch Tuesday,’ scheduled for April 13.
In an advisory on the MSRC blog, Bryant said: “We have seen speculation that Microsoft might release an update for this issue out-of-band. I can tell you that we are working hard to produce an update which is now in testing.”
IE6 and IE7 users were first cautioned about the flaw last Tuesday, when Microsoft added to its ‘Patch Tuesday’ release a warning that hackers were exploiting the bug.
On Wednesday, Moshe Ben Abu got hold of the attack code from a site that was reportedly using the IE flaw to carry out “drive-by” attacks, crafted a public exploit, and had it published on the popular Metasploit penetration testing framework.
However, even before Abu posted his exploit, security experts had expressed the opinion that Microsoft would probably ship an ‘out-of-band’ update to fix the vulnerability in case the attack code went public.
