Microsoft issues an Internet Explorer patch

SOFTWARE HOUSE Microsoft has released a temporary patch for its Internet Explorer (IE) web browser.

The patch fixes a vulnerability that could allow cyber criminals to install the Poison Ivy Trojan that steals user data and can be used to control users' PCs.

Present in all versions of Internet Explorer except IE 10, the vulnerability was spotted by Luxembourg based security expert Eric Romang when his PC was infected by the Poison Ivy Trojan last week.

"Today we have released a Fix it that is available to address that issue," Microsoft Trustworthy Computing director Yunsun Wee said in a post on the software company's Security Response Centre blog.

"This is an easy, one-click solution that will help protect your computer right away. It will not affect your ability to browse the web, and it does not require a reboot of your computer."

Before releasing the fix, Microsoft had suggested workarounds such as disabling Active X controls and Active Scripting or downloading its Enhanced Mitigation Experience Toolkit.

The firm had also suggested that users should change the security zone settings on the IE web browser to "high" and run IE in a restricted mode to ensure that attacks remained unlikely.

Microsoft said it will follow up the temporary bug fix with a full IE update available through its Windows Update feature on Friday.

Typically, Microsoft issues security patches on a monthly basis, as part of its Patch Tuesday programme. But it has taken the unusual step of releasing this IE update after attacks based on the previously unknown vulnerability were found in the wild.

The company will field customer questions on the security bulletins via a webcast on 21 September at 12pm Pacific Time. Those not wishing to wait until Friday for the patch can install the fix via Microsoft's Technet blog entry. µ