[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Monday, 25 September 2006, 11:23 GMT 12:23 UK
Browser bug could get early patch
Filofax full of personal information, Eyewire
The bug is being used to steal personal information
Microsoft is considering the early release of a fix for a bug in Internet Explorer that malicious hackers are actively exploiting online.

The software giant usually only releases patches once a month but said it might put the fix out sooner if the problem grew severe enough.

Via the bug, hackers can take over Windows machines and implant spyware or bombard people with unwanted adverts.

Independent, unofficial patches have already appeared from security firms.

Patch protection

The bug in the Internet Explorer browser was discovered by anti-spyware firm Sunbelt Software on 21 September. It found that hackers could exploit weaknesses in the way that Microsoft's browser handles vector graphics to hijack Windows PCs.

One site found by Sunbelt used this vulnerability to install huge amounts of spyware and adware on a PC even though the machine was patched with the latest updates.

Since the discovery, more websites have been discovered using the exploit to hijack PCs, install key-loggers or other unwanted programs.

On its security blog, Microsoft acknowledged the discovery of the browser bug and said it was monitoring the situation. So far, it said, there was no indication that attacks mounted via the bug were "dramatic and widespread".

However, it said, this situation could change and it would release the patch earlier than the scheduled date of 10 October if it was warranted.

"The primary driver here is quality and protecting customers, not adherence to the monthly schedule," read the blog.

Patches have already started to appear from security firms including one from the newly created Zeroday Emergency Response Team (Zert).

This loose coalition of security researchers aims to produce fixes for bugs for which there are no official patches.

However, Microsoft said it could not endorse the patch from Zert or any other security firm.


SEE ALSO
Browser flaw seen on porn sites
21 Sep 06 |  Technology
Hackers target latest Windows fix
16 Aug 06 |  Technology
Microsoft debuts security package
31 May 06 |  Technology

RELATED INTERNET LINKS
The BBC is not responsible for the content of external internet sites



FEATURES, VIEWS, ANALYSIS
Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit
  • Back to top ^^
  • Americas Africa Europe Middle East South Asia Asia Pacific