14 DAY TRIAL // Microsoft confirmed yesterday that a zero-day Internet Explorer 9 vulnerability puts users' data at risk and admitted that an official fix would only come in a few days.
The company however released a security advisory and a workaround to help users stay on the safe side, although security companies across the world said that installing a new browser is a much better idea.
Microsoft stepped in front of the media today to reveal that only a few attempts to exploit the issue have been reported, so changing the browser isn't quite necessary. Still, a fix will be released in a few days and it won't require advanced computer skills to be installed. It doesn't even need a computer reboot, Microsoft said in a blog post.
In the meantime however, users are recommended to follow the steps in the advisory and to update their antivirus software.
“There have been an extremely limited number of attacks—the vast majority of Internet Explorer users have not been impacted,” Yunsun Wee, director, Microsoft Trustworthy Computing, said.
“We are working on an easy-to-use, one-click fix that will be released in the next few days, but in the meantime we recommend customers make sure their antivirus software is up-to-date. For more information on staying safe online, please visit Microsoft’s Safety and Security Center,” he added.
The new IE vulnerability allows the spread of the Posion Ivy backdoor trojan and affects Windows XP, Vista and 7 running Internet Explorer 7, 8 and 9. Internet Explorer 10, the Windows 8-installed version, is not affected.
More information on the security advisory released yesterday, including the official workaround, is available here, while details on the zero-day vulnerability can be read here.