Microsoft has issued a temporary software fix for a new vulnerability discovered on their Internet Explorer web browser.
According to the BBC's report, attackers are exploiting this weakness by installing the Poison Ivy trojan, which has since affected millions of IE users worldwide. The malware is designed to steal users' personal data or to enable attackers to control their victims' computers remotely.
Based on Microsoft's Security Advisory 2757760, the remote code execution vulnerability only affects IE 9 and earlier versions, but not IE 10. Microsoft is currently working on a security update to fix the problem.
"We will release a Fix it in the next few days to address an issue in Internet Explorer, as outlined in the Security Advisory 2757760 that we released yesterday. While we have only seen a few attempts to exploit the issue, impacting an extremely limited number of people, we are taking this proactive step to help ensure Internet Explorer customers are protected and able to safely browse online.
The Fix it is an easy-to-use, one-click, full-strength solution any Internet Explorer user can install. It will not affect your ability to browse the Web, and it will provide full protection against this issue until an update is available. It won’t require a reboot of your computer.This Fix it will be available for everyone to download and install within the next few days. Until then, we encourage folks to review the advisory and follow the other mitigations listed there."
- Yunsun Wee, Director, Trustworthy Computing
This security flaw was first discovered by Luxembourg-based security expert, Eric Romang, when his computer was infected by the Poision Ivy malware last week. Since then, Microsoft has been advising users to download the Enhanced Mitigation Experience Toolkit (version 3.0) as a temporary countermeasure. However, experts warned that this application must be downloaded and configured manually, and this could be daunting for end-users who are less savvy.
A proper fix by Microsoft is expected to take about week. In the meantime, web browsers such as Google's Chrome and Mozilla's Firefox are viable alternatives till this bug in IE is fully addressed.