Microsoft Confirms Security Breach In IE 9, Earlier Versions


Microsoft is warning Internet Explorer users that a vulnerability has been discovered in the Web browser that could corrupt a PC's memory and allow hackers to execute malicious code.

Microsoft said the security risks apply to Internet Explorer 9 and earlier versions but will not affect Internet Explorer 10 on the Windows 8 preview release. A security patch is in the works, but Microsoft didn't specify whether it would be available as soon as possible or be rolled into its October release of monthly security updates.

"On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs," Microsoft wrote on its Security TechCenter website.

[Related:
Microsoft, Trend Micro Roll Out New SMB Security Alliance
]

The Redmond, Wash., software giant said it has received reports of "only a small number of targeted attacks" but is encouraging IE users to enable firewalls, apply the most recent software updates, and install antivirus software to help minimize the risk of attack.

According to a report from the Associated Press, Germany's Federal Office for Information Security was one of the first to warn users of the breach, saying Internet Explorer's "weak point is already being used for targeted attacks." The agency also warned that the malicious code enabling the breach is available openly online, meaning attacks could happen quickly and become more widespread.

The Federal Office for Information Security also urged current IE users, especially those running a Windows XP or Windows 7 operating system, to use alternative Web browsers until a patch is available.

The agency said hackers will most likely try to lure IE users to an infected website, at which point they can seize control and compromise users' PCs.

PUBLISHED SEPT. 18, 2012