Microsoft to Release Emergency Patch for Critical IE Flaw

According to Brian Krebs’ Security Fix blog, Microsoft is releasing an out-of-band patch to fix the critical flaw in all versions of Internet Explorer that we discussed on [GAS] last week. This is great news. While the number of home computers compromised by this attack is only about 1 in 500, security companies have noted sharp increases in the number of web servers being compromised to serve the malware and spread the infection.

Krebs writes:

Microsoft is signaling that it plans to ship an emergency software update on Wednesday to fix a dangerous security hole in its Internet Explorer Web browser that thousands of compromised Web sites have been using to install malicious software.

Microsoft says the critical flaw is present in all versions of IE, from IE5 all the way up through IE8 Beta 2.  Microsoft estimated that about 0.2 percent of Windows users worldwide may have been exposed to Web sites containing exploits that try to attack this vulnerability.

While one in every 500 IE users may not sound like a large number, Microsoft said the frequency of attacks is increasing dramatically.

Signs that hackers were exploiting an unpatched flaw in all versions of IE showed up the day after this month’s Patch Tuesday. Attackers have begun using this day for exploitation as it gives them the longest lead time until Microsoft gets around to fixing it.

Microsoft has done an excellent job turning out this patch in an emergency. But the hackers will be back at it next week looking for new methods of exploitation. And the patch dance goes onward.
