AOL security experts are at work to adapt a minor upgrade for Explorer 3.0 to plug security holes that could let hackers wreak havoc on an unsuspecting user's PC. The fix was issued by Microsoft about three weeks ago, but the online service said it only recently got the code from Microsoft and is working to customize it to run in the AOL environment. In addition, the experts are running the upgraded browser, version 3.02, through a series of security tests, the company said.
"Until we are fully confident that it will maintain its security integrity, we won't announce it," AOL spokeswoman Wendy Goldberg said of the Explorer upgrade.
"As soon as it [the debugged version] is ready, it will go up. They are working as fast as they can," she added, declining to say how soon the new version will be ready. "Until then, we tell users to be very vigilant."
The company has posted a message on its welcome page advising subscribers that the patch is being tested. It is the fist reference the company has made to the security problems. Goldberg said AOL opted not to bring the bugs to the attention of its subscribers when they were first discovered because the company felt Microsoft had done enough to get out initial word of the problems.
About 200,000 of AOL's 8 million members use that particular version of the Microsoft browser, according to Goldberg.
The security flaw could allow a skilled hacker to change data or wipe out files on the user's system, experts maintain. There have not been reports of actual attacks, according to Microsoft and AOL.
Microsoft last month moved to address the security problems with a couple of patches to versions 3.0 and 3.1 of the Explorer. The company this week released a preview of a major upgrade, version 4.0. However, it has cautioned users that it will not be ready for widespread deployment until the summer. Company representatives added that only seasoned developers should consider test-driving the product before then.