A serious vulnerability issue affecting Internet Explorer versions 6, 7 and 8 has been discovered by a company called Elderwood which has the backing of Symantec. A patch was release in the form of a hot-fix earlier this month but a more permanent patch is being rolled out. Those with automatic updates will have this installed automatically and those that have already applied the fix will not need to uninstall the previous hot fix.
The problem is a memory corruption issue that can be caused by simply visiting a website where this “drive-by” download affects the hosts by delivering malware. The Redmond based software giant are not know for delivering patches outside of their normal schedule unless they deem the threat very high. While only a limited number of customers have been infected, the risk is still extremely high and the patch will be made available at 10am PST.
Elderwood, the group responsible for detecting the threat, said that it detected similarities in the attack code with that of other attack codes. The group have discovered nine other threats since 2009 and typically targets IT companies, defence contractors, human rights groups and other non-governmental organisations.