Follow us:

Microsoft Pri0

Welcome to Microsoft Pri0: That's Microspeak for top priority, and that's the news and observations you'll find here from Seattle Times technology reporter Matt Day.

December 16, 2008 at 9:59 AM

Unpatched flaw in Internet Explorer prompts calls to change browsers until fix issued

The BBC and others are reporting today on a security vulnerability in Internet Explorer 7 — though earlier versions of the Microsoft Web browser also have the same flaw — that has yet to be patched. Microsoft has been working on it since at least Wednesday, when it published a security bulletin explaining the flaw.

Update, 12:40 p.m.: Microsoft says it has a security update for this vulnerability. It will be released Wednesday morning at 10 a.m. via Automatic Updates and Microsoft Update. More after the jump.

The BBC cites security experts who are advising users of IE to switch to another browser, such as Firefox or Safari, until the flaw is corrected.

“If users can find an alternative browser, then that’s good mitigation against the threat,” Rick Ferguson, senior security advisor at Trend Micro, told the BBC.

If people follow this advice, it could be an additional blow to Microsoft, which has watched its once dominant share of the browser market erode in recent years. As recently as 2004, Internet Explorer had more than 90 percent of the browser market. In summer, IE’s market share was 73 percent, Firefox had 19 percent and Apple’s Safari had 6 percent, according to Net Applications.

According to a Microsoft blog post last week, there were still “limited attacks seeking to load malicious software on vulnerable systems.”

Microsoft is “actively investigating the vulnerability that these attacks attempt to exploit” and suggests a number of workarounds and suggestions for minimizing the vulnerability at its security Web page.

Update, 12:40 p.m.: Microsoft is calling its response to the threat “unprecedented.” “Microsoft immediately mobilized security engineering teams worldwide to develop, test and deliver a security update of appropriate quality for worldwide distribution in the unprecedented time of eight day,” the company said in a statement.

Click here for more details on the fix and two Web casts the company has planned for Wednesday and Thursday to answer questions on the topic.

Comments | More in Internet Explorer, Security & privacy

COMMENTS

No personal attacks or insults, no hate speech, no profanity. Please keep the conversation civil and help us moderate this thread by reporting any abuse. See our Commenting FAQ.



The opinions expressed in reader comments are those of the author only, and do not reflect the opinions of The Seattle Times.


The Seattle Times

The door is closed, but it's not locked.

Take a minute to subscribe and continue to enjoy The Seattle Times for as little as 99 cents a week.

Subscription options ►

Already a subscriber?

We've got good news for you. Unlimited seattletimes.com content access is included with most subscriptions.

Subscriber login ►
The Seattle Times

To keep reading, you need a subscription upgrade.

We hope you have enjoyed your complimentary access. For unlimited seattletimes.com access, please upgrade your digital subscription.

Call customer service at 1.800.542.0820 for assistance with your upgrade or questions about your subscriber status.

The Seattle Times

To keep reading, you need a subscription.

We hope you have enjoyed your complimentary access. Subscribe now for unlimited access!

Subscription options ►

Already a subscriber?

We've got good news for you. Unlimited seattletimes.com content access is included with most subscriptions.

Activate Subscriber Account ►