Friday, January 22, 2010

Microsoft Makes IE More Secure

The Wall Street Journal

Microsoft Corp. on Thursday released a software patch for its Internet Explorer Web browser that it says will plug a security hole believed to have been exploited in cyberattacks on Google Inc. and other companies in China.

In a message posted to a Microsoft security Web site, the Redmond, Wash., company said the software patch fixes eight holes in Internet Explorer, including the "remote code execution" vulnerability that is believed to have played a role in the China hacking incidents. That vulnerability could allow hackers to take control of a personal computer after a user visits a Web site loaded with malicious code.

The security hole in Internet Explorer—the most commonly used Web browser and a perennial target for hacker attacks— had prompted warnings by governments around the world, including recommendations by agencies in France and Germany, for people to use alternative Web browsers until Microsoft could issue a fix. Competing browser providers such as Mozilla and Opera Software SA, said they experienced a spike in downloads in France and Germany in the days after the warnings in those countries.

"Beyond the normal update process, Microsoft has prepared a comprehensive patch that addresses the current security problems," said Matthias Gärtner, a spokesman for Germany's Federal Office for Information Security. "What's important now is that users take note."

Microsoft said on its security Web site that it has seen only "limited and targeted attacks" exploiting the vulnerability in an older version of its browser, Internet Explorer 6, but it still recommends that "customers deploy this security update as soon as possible to protect themselves against the known attacks."

The company said the other seven security vulnerabilities fixed by the software patch weren't previously disclosed publicly.