Microsoft released a patch on Wednesday to its ubiquitous Internet Explorer web-browser, fixing an exploit that could potentially have put millions of users in harm's way.
| MSFT | 29.62 |
"At this time, we are aware only of attacks that attempt to use this vulnerability against Windows Internet Explorer 7," said Christopher Budd, Microsoft security response communications lead, in a statement.
"Our investigation of these attacks so far has verified that they are not successful against customers who have applied the security update. MS08-078 has a maximum severity rating of Critical for all versions of Internet Explorer."
Nonetheless, Microsoft lists Internet Explorer 5.01, 6, and 7 as affected software in its Security Bulletin. It also says separately, in the FAQ section, that Internet Explorer 8 Beta 2 is affected.
The US software giant said security update MS08-078 addresses a vulnerability cyber-criminals can exploit to their advantage.
The threat posed by the IE flaw led Microsoft to mobilize security engineering teams worldwide to deliver a software cure "in the unprecedented time of eight days."
According to researchers at software security firm Trend Micro, attacks based on the vulnerability in the world's most popular Web browser were spreading "like wildfire" with millions of computers already compromised.
Microsoft security researchers estimated that as many as 1 in 500 users of Internet Explorer could have been exposed to malware attempting to exploit the flaw.
Microsoft is urging users of IE to test and deploy this update as soon as possible.


Online distributor for point of sale equipment, TYSSO and Pegasus.