Microsoft warns against new IE bug

Zero-day vulnerabilities are rare, mostly because they are hard to identify.

Updated: Sep 18, 2012, 10:59 AM IST

Zeenews Bureau

New Delhi: Microsoft Corp urged users to download a piece of security software to mitigate the risk of newly discovered bug in Internet Explorer web browser that makes PCs vulnerable to hackers.

The bug which allows remote access of infected PCs to hackers, has affected hundreds of millions of Internet Explorer users.

Microsoft asked users to install the security software, known as the Enhanced Mitigation Experience Toolkit, or EMET, as an interim measure. The free security tool can be availed through an advisory posted on its website:

In the advisory issued on its website late on Monday, the software maker urged users to adjust several Windows security settings to thwart potential attackers. However doing so might impact the PC`s usability, Microsoft cautioned.

The EMET software must be downloaded, installed and then manually configured to protect computers from the newly discovered threat, according to the posting from Microsoft.

The IE flaw was discovered by Eric Romang, a Luxembourg researcher on Friday, when his PC was infected by a piece of malicious software known as Poison Ivy that hackers use to steal data or take remote control of PCs.

When analyzed, Poison Ivy had gotten on to his system by exploiting a previously unknown bug, or "zero-day" vulnerability, in Internet Explorer.

Zero-day vulnerabilities are rare, mostly because they are hard to identify - requiring highly skilled software engineers or hackers with lots of time to scrutinize code for holes that can be exploited to launch attacks. Security experts only disclosed discovery of eight major zero-day vulnerabilities in all of 2011, according to Symantec.