Microsoft confirms Internet Explorer vulnerability will be patched out of band

Microsoft has issued a statement confirming that it plans to release a patch for a security vulnerability in Internet Explorer which saw Google fall victim to some targeted and sophisticated attacks recently.

George Stathakopoulos, Microsoft Security, confirmed the news in a company blog posting. "Given the significant level of attention this issue has generated, confusion about what customers can do to protect themselves and the escalating threat environment Microsoft will release a security update out-of-band for this vulnerability" said Stathakopoulos. He also added that Microsoft will share specific timing of the release tomorrow.

The vulnerability was unveiled when Google went public that they were targeted in a sophisticated cyber-attack. The breach, involving Internet Explorer 6, resulted in the theft of intellectual property. Due to the attack, and the background behind it, Google announced it will no longer be providing censored results for its Chinese Google search engine. Currently Google offers censored search results as part of an agreement with the Chinese government.

Microsoft has been busy working on a fix for the issues and has decided an out of band patch is required. Whilst it's a rare decision these days, Microsoft could ill afford to wait three weeks until the next "patch Tuesday" on February 9. Stathakopoulos added: "we believe releasing an update out-of-band update is the right decision at this time."

Since the news of the un-patched flaw broke, Microsoft has been on damage limitation. This week Microsoft began urging businesses and consumers to upgrade to Internet Explorer 8, explaining that the security benefits are far greater than that of Internet Explorer 6. Both the French and German governments warned their populations to cease using Internet Explorer due to the un-patched flaw. Currently the flaw exists in Internet Explorer versions 6, 7 and 8 but exploit code is only available for Internet Explorer 6. The patch, when released, will protect all affected versions of Internet Explorer.

Report a problem with article
Previous Story

New Windows Live Wave 4 screenshots emerge

Next Story

Apple releases Boot Camp 3.1, includes Windows 7 support

29 Comments - Add comment