A few hours ago Microsoft released a security update for Internet Explorer 6-8 because of a security issue, which had a rating of “Critical”, but those with versions 9 and 10 will be pleased to know that they will be unaffected by this latest security issue.
According to Microsoft there is a vulnerability that could allow a malicious hacker to be able to execute code onto someone’s computer running IE 6-8 remotely giving them the same access as the user. There had already been a similar issue and a fix was recently released to address the issue, but this critical update is said to eradicate the issue once and for all.
It’s recommended that you download and install the update right away by way of the usual process. Don’t worry if you feel you were left vulnerable because this security issue only targeted a small percentage of IE users, but we would advise users not to get too complacent and still install the update, even if the risk is low. However, knowing that a hacker could gain the same rights as the user is considered a pretty high risk to me.
There have already been several websites that have been compromised and as such had spread the malware, but as a way to resolve the issue before Microsoft were able to offer a fix users found themselves downloading Internet Explorer 9-10 before they were ready to do so.
The only worry that we have with this whole thing is how the exploit has been around since early December, which means that this exploit has been left wide open without a patch.
Also See: Internet Explorer bug fallout