Microsoft has released an emergency patch to fix the Internet Explorer vulnerability that allowed the recent attack on Google and other major companies. The patch is being released outside Microsoft’s regular update schedule in an attempt to resolve the issue as quickly as possible.
In addition to fixing what has come to be known as the ‘Aurora’ exploit, the patch also resolves seven other vulnerabilities in Internet Explorer. But, according to Jerry Bryant, senior security program manager at Microsoft, the company has been aware of Internet Explorer vulnerabilities for at least four months.
“This Internet Explorer security update was already planned for release in February. When the attack discussed in Security Advisory 979352 was first brought to our attention on Jan 11, we quickly released an advisory for customers three days later. As part of that investigation, we also determined that the vulnerability was the same as a vulnerability responsibly reported to us and confirmed in early September,” Bryant said in a blog post.
Although Microsoft claimed that the exploit only affected IE6, the severity rating is given as ‘Critical’ for IE5, IE6, IE7 and IE8 in the Microsoft security bulletin issued yesterday. The patch is available through Windows Update and the Windows Download Centre.
Click to enlarge
Meanwhile, Mozilla Manager of Analytics Ken Kovash reports a huge spike in Firefox downloads in Germany after the German government issued a warning against Internet Explorer. “There has been a huge increase in the number of Firefox downloads from IE users in Germany,” he said. “As the chart highlights, the orange area adds up to just over 300,000 downloads during the recent Friday-Monday period.”