Microsoft rushes out software fix to prevent attacks
Washington, September 18, 2013
Microsoft Corp released an emergency software fix for Internet Explorer on Tuesday after hackers exploited a security flaw in the popular Web browser to attack an unknown number of users.
The software maker said on its website it released the software, known as a "Fix It," as an emergency measure to protect customers after learning about "extremely limited, targeted attacks" that made use of the newly discovered bug.
Microsoft said the attacks took advantage of an undiscovered flaw, or "zero day" vulnerability in industry parlance.
State-sponsored hacking groups are often willing to pay hundreds of thousands of dollars for zero-day vulnerabilities in widely used software such as Internet Explorer, according to security experts who track that market.
They typically use them on small numbers of carefully selected, high-value targets, to keep such flaws secret.
Once Microsoft issues a warning about a zero-day bug, other groups of hackers involved in massive cyber-crime operations, such as identity theft, rush to reverse-engineer the Fix Its so they can build computer viruses that also exploit the same vulnerabilities.
Security experts said Internet Explorer users should either immediately install the Fix It or stop using the browser until Microsoft can put out an update, which will be automatically installed through its Windows Update programme.
"With the Fix It out, I'm sure any attacker who is a bit sophisticated can figure out what the flaw is and implement a similar exploit in their own attack toolkit," said Wolfgang Kandek, chief technology officer with the cybersecurity firm Qualys.
"Fix Its" are pieces of software for remediating security flaws that must be downloaded and installed on PCs. They are designed to protect customers while Microsoft prepares official updates, automatically delivered via the Internet to be installed on computers.
Kandek said he expects Microsoft to push out an update to address the issue within two to three weeks.
The Fix It can be installed by clicking on a link on Microsoft's support site. - Reuters
More IT & Telecommunications Stories
- Du joins new global cable consortium
- Kuwait moves to create telecoms watchdog
- Batelco backs Royal Fund for Martyrs
- Egypt's Global Telecom posts $749m Q4 loss
- Red Hat launches open source BPM suite
- Batelco announces new board
- Batelco offers improved broadband
- You don't own phone numbers, warns TRA
- Tech giants back top Qatar ICT event
- Du to provide wifi access in public areas
- Zain finalises $800m, five-year loan facility
- Ooredoo Q4 net profit falls 36pc to $140m
- Mobily, Etisalat team up for LTE roaming
- Batelco approves $84m dividends for 2013
- Etisalat Q4 profit rises 70pc to $394m
- Kenya telecom firm to join Etisalat SmartHub
- Aruba appoints new sales director
- Du enters $1.17 billion financing deals
- VIVA extends 4G LTE offer
- Batelco to update students with latest technologies
- Etisalat SmartHub seals IPX agreement
- Etisalat picks Alcatel for LTE network expansion
- Boeing, QCRI host machine learning forum
- Mobily provides 4G LTE international roaming
- Viva Kuwait, Huawei to set up innovation centre
- Etisalat, Airtel deal to boost network services
- Batelco offers 4G LTE backup solution
- Arbor unveils ‘Peakflow’ solution
- Etisalat launches enterprise mobility services
- STC launches advanced 4G network