via Gizmodo UK


Microsoft has issued an emergency security patch to fix the 'critical vulnerability' in its Internet Explorer (IE) browser.

The AZN Trojan has been around for weeks and has infected as many as 10,000 websites and hit up to 2 million IE 7 users so far. When users visited the sites, key-logging downloaders would automatically infect their PCs to record keystrokes in order to steal passwords or credit card details. What's more, infected websites were not confined to so-called 'dodgy' sites but also included those of some [unnamed] financial institutions.

Here's what Microsoft says regarding the flaw and the patch:

This security update resolves a publicly disclosed vulnerability. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. This security update is rated Critical for Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, and Internet Explorer 7.

The security update addresses the vulnerability by modifying the way Internet Explorer validates data binding parameters and handles the error resulting in the exploitable condition.

IE - which is used by around 70% of all surfers - is not the only browser to suffer security breaches and flaws but it certainly gets hammered more than most. Mozilla, makers of Firefox, has just released a regular update for Firefox 2 that fixes around 10 vulnerabilities. It is, however, telling fans of the browser to update to Firefox 3 as version 2 will be getting no more security updates or patches.

That said, trying out Firefox [v3], Chrome, or Opera [among others] - apart from being better browsers - seems like a safer bet than IE, and not for the first time.