Microsoft has issued a warning about a serious vulnerability in all versions of its Internet Explorer browser. The IE Bug Gives Hackers Control Over Your PC, says Microsoft.
"As vulnerabilities go, this kind is the most serious as it allows remote execution of code," said Rik Ferguson, a senior security analyst at Trend Micro. "This means the attacker can run programs, such as malware, directly on the victim's computer."
Although the company said it would patch the problem, it is not planning to rush out an emergency update.
"The issue does not currently meet the criteria for an out-of-band release," said Carlene Chmaj, a spokeswoman for the Microsoft Security Response Center (MSRC), in an entry on the center's blog. "However, we are monitoring the threat landscape very closely and if the situation changes, we will post updates."
The vulnerability in IE6, IE7 and IE8 surfaced several weeks ago when French security firm Vupen disclosed a flaw in IE's HTML engine. Tuesday, researchers posted a video demonstration of an attack, and added a reliable exploit to the Metasploit penetration toolkit.
Sources:
Google
BBC World News
