By Elinor Mills
March 12, 2010
Microsoft said on Friday it is testing a patch to fix a new hole in
Internet Explorer 6 and IE 7 following the release of exploit code on
With the announcement it seems increasingly likely that the company will
be issuing a patch for the hole before the next Patch Tuesday in about
four weeks, if the testing of the patch goes quickly.
Microsoft warned about the hole, which it said was being targeted in
attacks and could allow an attacker to take control of a computer, in an
advisory on Tuesday. The next day, Israeli researcher Moshe Ben Abu
released exploit code for the vulnerability after using clues in a
McAfee blog post to find existing exploit code and pinpointing the
weakness from there.
"We have seen speculation that Microsoft might release an update for
this issue out of band. I can tell you that we are working hard to
produce an update which is now in testing," Jerry Bryant, senior
security communications manager lead at Microsoft, wrote in a post on
the Microsoft Security Response Center blog.
Register now for HITBSecConf2010 - Dubai, the premier
deep-knowledge network security event in the GCC,
featuring keynote speakers John Viega and Matt Watchinski!