Published September 19, 2012
Microsoft (MSFT) warned of a newly-discovered bug in its Internet Explorer 9 browser late Monday that could make computers vulnerable to hacking attempts and viruses.
The flaw impacts hundreds of millions of Internet Explorer users and as many PCs but does not impact Internet Explorer 10, Microsoft said.
“We have received reports of only a small number of targeted attacks and are working to develop a security update to address this issue,” Microsoft’s director of the Trustworthy Computing Group, Yunsun Wee, said on the company’s official corporate security response blog.
The maker of Windows software advised customers late Monday to install free security software as a precaution as it tries to fix the bug and develop a new, uncompromised version of Internet Explorer.
Microsoft said it will release a fix for the bug over the next few days.
"While we have only seen a few attempts to exploit the issue, impacting an extremely limited number of people, we are taking this proactive step to help ensure Internet Explorer customers are protected and able to safely browse online," Wee said.
The company said it has been monitoring the threat landscape very closely and has been posting updates to both its Microsoft Security Response Center blog and on Twitter at @MSFTSecResponse.
Installing the Enhanced Mitigation Experience Toolkit may protect PCs from malicious websites that give hackers the ability to crack into and take over the computer system. Microsoft said the software should not affect the usability of websites.
While losing ground in recent years to Google's (GOOG) Chrome and Firefox, Internet Explorer continues to be one of the world's most widely-used browsers.
Redmond, Wash.-based Microsoft encouraged customers to follow its “protect your computer” guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software.
The company said Internet and local intranet security zone settings should be set to “high” to block ActiveX Controls and Active Scripting in these zones; however, the browser must first be configured.
“We also encourage folks to exercise caution when visiting websites and avoid clicking suspicious links, or opening email messages from unfamiliar senders,” Wee said.