The software giant says it has seen only a few attempts to exploit the weakness, which affects users of Internet Explorer versions 6 through 9.
Steven Musil | cnet
Microsoft said today it will issue a fix soon for a security flaw that affects users of Internet Explorer versions 6 through 9.
Uncovered this past weekend, the security hole could compromise the PCs of IE users who surf to a malicious Web site. The flaw is being actively exploited to deliver a back-door trojan known as “Poison Ivy.”
The software giant said in a security advisory this afternoon that a solution to the flaw would be released in the next few days.
“While we have only seen a few attempts to exploit the issue, impacting an extremely limited number of people, we are taking this proactive step to help ensure Internet Explorer customers are protected and able to safely browse online,” Yunsun Wee, the director of Microsoft’s Trustworthy Computing initiative, said in the post.
Microsoft said the fix would be an “easy-to-use, one-click, full-strength solution” that any IE user could install, promising “it will provide full protection against this issue until an update is available.”
While it works on a fix for the flaw, Microsoft issued a security advisory offering several recommendations to help IE users avoid being victims of the zero-day exploit. In addition to running updated antivirus and antispyware software and using a firewall, Microsoft suggests installing its Enhanced Mitigation Experience Toolkit, which tries to ward off attacks on software holes by putting up a wall of security obstacles that the malware writers must circumvent.