We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Microsoft patches IE flaws

Vulnerabilities allow hackers access to all versions of Windows browser

Microsoft has released a new security patch to fix three known Internet Explorer vulnerabilities that have been exploited to attack internet users.

The fix includes a change in the basic authentication functionality in IE that Microsoft announced last week. After the patch is installed, the web browser no longer supports the handling of usernames and passwords embedded in web URLs using the '@' symbol, Microsoft says in a statement.

The security update was released yesterday, outside of Microsoft's regular monthly patch cycle, because of the seriousness of the issues, says Mike Reavey, a Microsoft security program manager. Microsoft's official patch day this month is Tuesday 10 February.

One of the three newly patched issues is rated 'critical' by Microsoft, while two are 'important'. By taking advantage of two of the security flaws, attackers can run or save arbitrary code on a user's PC. Another flaw allows an attacker to spoof a website address and potentially trick users into providing personal information.

Microsoft has been criticised for not delivering a fix sooner. Its representatives say they are providing the security update as soon as possible after completing development and testing.

In Microsoft's rating system for security issues, vulnerabilities that could allow a malicious internet worm to spread without any action required on the part of the user, are rated critical. Issues that will not lead to the spread of a worm without any action taken by the user, but could still expose user data or threaten system resources, are rated important.

The problems affect all currently supported versions of Internet Explorer on all currently supported operating systems. Users are urged to install the patch immediately.

IDG UK Sites

Best camera phone of 2015: iPhone 6 Plus vs LG G4 vs Galaxy S6 vs One M9 vs Nexus 6

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 of price of Retina iMac with new model