The security hole exists in all versions of Internet Explorer except the latest test version of IE9. According to security experts, it is unlikely that the problem can be exploited even in IE8 as the browser has a new technology that prevents the execution of malicious code.
IE6 and IE7, on the other hand, are at risk and the problem has increased in size in recent days as several hacking tools have included features to exploit the latest security hole.
It is very easy for hackers to exploit the security hole as all that is needed is to trick a user into visiting a web page that contains malicious code in order for the user’s computer to be infected.
According to Roger Thompson of security firm AVG Technologies, code to exploit the security hole has been added to the Eleonore hacking tool. A popular hacking tool that can be purchased for a few hundred dollars.
– This raises the stakes considerably. Anyone can buy a hacking tool for a few hundred dollars and then they can easily perform quick attacks against users of IE6 and IE7, says Roger Thompson.
Microsoft stated last week that the company promised a bug fix, however, Microsoft does not consider the problem to be serious enough to advance an update. The monthly update from Microsoft released today will not contain a bug fix for the problem with IE.
According to Roger Thompson, Microsoft is making a mistake by not taking the problem seriously.
– I think Microsoft has to release an unplanned update as soon as possible. I think the number of attacks exploiting the security hole will increase, says Roger Thompson.
Until an update is available, Microsoft urges its customers to run the Fix It security program. The workaround only works on IE7. Alternatively, users of IE6 and IE7 should upgrade to IE8 to reduce the risk of being exposed to an attack.
Competing browsers such as Firefox, Chrome, Safari and Opera are not affected by the security hole.