Microsoft has recently released a full security update for Internet Explorer 8 and older versions that patches a flaw which could allow attackers to take control of a vulnerable system.
Even though security companies across the world have warned several times that the number of websites compromised to exploit the flaw is continuously increasing, Microsoft said it had recorded “only a limited number of attacks,” but it admitted that “the potential exists that more customers could be affected.”
“The majority of customers have automatic updates enabled and will not need to take any action because protections will be downloaded and installed automatically. For those manually updating, we strongly encourage you to apply this update as quickly as possible,” Dustin Childs, group manager, Trustworthy Computing, said in a blog post.
As always, Microsoft continues to recommend users to make the move to Internet Explorer 9 or 10, as these two particular versions are not affected by the flaw.
Consumers who have applied the “Fix it” tool released by Microsoft a couple of weeks ago do not need to uninstall it, Microsoft explained.
“However, the Fix it is no longer needed after the security update is installed, so we are recommending that you uninstall it after you have applied the update to your system,” Childs added.
Security vendor Exodus Intelligence managed to bypass Microsoft’s first “Fix it” application in order to compromise a fully-patched system, so a full security update was the only way to deal with the flaw.
More information on the way the security researchers bypassed the patch is expected to be provided in a few hours, as Exodus decided to give Microsoft some time to address the issue before releasing any other details.
As always, the new Internet Explorer security fix is delivered via the built-in Windows Update, so users have basically nothing to do if this option is enabled.