Earlier on this week, Neowin.net covered the Patch Tuesday vulnerability fixes; now Symantec has reported that hackers have begun to exploit the bug on un-patched machines. Reports suggest that the hackers were successful in exploiting the vulnerability only three days after Patch Tuesday
Usually when vulnerabilities are published in Microsoft's reports regarding Patch Tuesday, there is the expectation that hackers will use that information and usually be successful within 30 days. However in this case, there has been some surprise that the individuals have done it in a significantly less amount of time.
The vulnerability itself stems from Microsoft's Internet Explorer browser, version 8 and below, that was originally discovered back in January by a bounty hunter according to InfoWorld. The IE bug, which was placed as the most important update on Patch Tuesday by security analysts, causes issues due to its ability to automatically download malicious files. Symantec's Joji Hamada stated that, "we have only seen limited attacks taking advantage of this vulnerability and believe that the exploit is only being carried out in targeted attacks at present".
While for a minority who use other browsers and operating systems, a large amount of worldwide browser usage remains with Internet Explorer six, seven and eight. This incident only highlights the importance of updating a computer's files as soon as a patch becomes available because the longer a security hole is left exposed, the more risk there is to the user.
Image Source: pcworldme.net
41 Comments - Add comment