That is the word from Microsoft, by way of PC Advisor. The problem will persist a while longer, but thankfully it only affects versions 6 and 7, so those who must use some form of Microsoft browser can use IE8. (Or 9 beta if you have the OS for it…)
A flaw in Internet Explorer 6 and 7 that allows hackers to run any program remotely on a PC without the user’s knowledge will not be fixed in Microsoft’s security update this month.
Compared to last month’s bumper update that fixed a record 49 bugs, November’s Patch Tuesday, which will be issued next week, will only fix 11 vulnerabilities via three bulletins.
The patch for Office for Windows is rated ‘critical’ while the patches for Office for Mac 2011 and Forefront Unified Access Gateway have been labelled ‘important’.
According to Symantec, hackers use an email with a link that, when clicked on, identifies whether the web user’s browser is IE6 or IE7. If so, the script transfers the visitor unknowingly to a malicious website where the malware infects their PC, subsequently allowing hackers to run programs remotely.
Microsoft confirmed it is aware of the flaw and in an advisory said it was investigating the vulnerability.
"We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs."
Symantec said it has already identified incidences where the flaw is being exploited but did not know "the number of compromised machines".
"The threat does not appear to be targeting any one specific industry," Symantec said.
It’s nice to sit on the sidelines, knowing each month that I’ve been relieved of a great many problems by using Opera, or Iron, as my browser, and avoiding all the problems that are coming with use of the Microsoft browsers.
Things are looking up though, as there are no patches for any Microsoft operating system this month. I’m not certain if that means the hackers are taking time off or the final bugs are getting harder to exploit. Either way, it is great news, and worthy of a small celebration.
≡≡≡≡≡≡≡≡≡≡ Ḟᴵᴺᴵ ≡≡≡≡≡≡≡≡≡≡