Microsoft promises fix for IE security flaw in next few days

The software giant says it has seen only a few attempts to exploit the weakness, which affects users of Internet Explorer versions 6 through 9.

Microsoft said today it will issue a fix soon for a security flaw that affects users of Internet Explorer versions 6 through 9.

Uncovered this past weekend, the security hole could compromise the PCs of IE users who surf to a malicious Web site. The flaw is being actively exploited to deliver a back-door trojan known as "Poison Ivy."

The software giant said in a security advisory this afternoon that a solution to the flaw would be released in the next few days.

"While we have only seen a few attempts to exploit the issue, impacting an extremely limited number of people, we are taking this proactive step to help ensure Internet Explorer customers are protected and able to safely browse online," Yunsun Wee, the director of Microsoft's Trustworthy Computing initiative, said in the post.

Microsoft said the fix would be an "easy-to-use, one-click, full-strength solution" that any IE user could install, promising "it will provide full protection against this issue until an update is available."

While it works on a fix for the flaw, Microsoft issued a security advisory offering several recommendations to help IE users avoid being victims of the zero-day exploit. In addition to running updated antivirus and antispyware software and using a firewall, Microsoft suggests installing its Enhanced Mitigation Experience Toolkit, which tries to ward off attacks on software holes by putting up a wall of security obstacles that the malware writers must circumvent.


Join the discussion

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

Don't miss out

Join CNET for an exclusive live-stream chat with Google Lunar XPrize teams

Five representatives from the finalist Milestone teams will tell us how they plan to get to the moon and win $30 million next year. You won't want to miss this exclusive CNET event.