Moneycontrol PRO

HomeNewsWorldMicrosoft rushes out software fix to stop browser attacks

Microsoft rushes out software fix to stop browser attacks

The software maker said on its website it released the software, known as a "Fix It," as an emergency measure to protect customers after learning about "extremely limited, targeted attacks" that made use of the newly discovered bug.

September 18, 2013 / 20:05 IST

Follow Us On Google

Add as a Preferred Source on Google

Microsoft Corp released an emergency software fix for Internet Explorer on Tuesday after hackers exploited a security flaw in the popular Web browser to attack an unknown number of users.

Also Read: Microsoft urged to put Mulally, Lawrie on CEO shortlist

The software maker said on its website it released the software, known as a "Fix It," as an emergency measure to protect customers after learning about "extremely limited, targeted attacks" that made use of the newly discovered bug.

Microsoft said the attacks took advantage of an undiscovered flaw, or "zero day" vulnerability in industry parlance.

State-sponsored hacking groups are often willing to pay hundreds of thousands of dollars for zero-day vulnerabilities in widely used software such as Internet Explorer, according to security experts who track that market.

Related Stories

They typically use them on small numbers of carefully selected, high-value targets, to keep such flaws secret.

Once Microsoft issues a warning about a zero-day bug, other groups of hackers involved in massive cyber-crime operations, such as identity theft, rush to reverse-engineer the Fix Its so they can build computer viruses that also exploit the same vulnerabilities.

Security experts said Internet Explorer users should either immediately install the Fix It or stop using the browser until Microsoft can put out an update, which will be automatically installed through its Windows Update program.

"With the Fix It out, I'm sure any attacker who is a bit sophisticated can figure out what the flaw is and implement a similar exploit in their own attack toolkit," said Wolfgang Kandek, chief technology officer with the cybersecurity firm Qualys Inc .

"Fix Its" are pieces of software for remediating security flaws that must be downloaded and installed on PCs. They are designed to protect customers while Microsoft prepares official updates, automatically delivered via the Internet to be installed on computers.

Kandek said he expects Microsoft to push out an update to address the issue within two to three weeks.

first published: Sep 18, 2013 08:40 am

Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!

Subscribe to Tech Newsletters

Al Edge Newsletter On Saturdays

Find the best of Al News in one place, specially curated for you every weekend.
MC Tech 3 Newsletter Daily-Weekdays

Stay on top of the latest tech trends and biggest startup news.

Subscribe

Advisory Alert: It has come to our attention that certain individuals are representing themselves as affiliates of Moneycontrol and soliciting funds on the false promise of assured returns on their investments. We wish to reiterate that Moneycontrol does not solicit funds from investors and neither does it promise any assured returns. In case you are approached by anyone making such claims, please write to us at grievanceofficer@nw18.com or call on 02268882347