Microsoft moves quickly to fix IE7 risk

Microsoft issued a critical security warning on Tuesday that a malicious exploit is making the rounds and attacking vulnerabilities in Internet Explorer 7, the most popular browser in the world.

The risk is believed to be widespread, given that IE 7 is the latest version of Microsoft's browser and is bundled with XP service pack 3 and also Vista, said Dave Marcus, director of security research and communications for McAfee's Avert Labs.

The AZN Trojan, which has been making the rounds since the first week of December, has the potential of infecting users' systems with a Trojan horse, or 'downloaders' that can download other forms of malware onto a user's system.

Microsoft announced it will release a security patch on Wednesday via its automatic update system to patch users' computers.

Users can potentially become infected in two ways, Marcus said. One is to visit a malicious Web site that already has the malware installed on the site, or visit a legitimate site, in which the attacker has inserted the malicious script to run in the background, leaving visitors unaware their systems have been compromised.

Marcus said: "A lot of Web sites are pushing out this exploit." Some of the infected sites include ones that offer free wallpaper for mobile phones, advertise property or promote products.

Microsoft is encouraging users to update their systems with the patch.

• Share:
• 
• 
• 

Source: Critical IE 7 exploit making the rounds on CNET News

• Tags:
• Microsoft,
• IE7,
• Vista,
• Internet Explorer,
• malware