The "zero day" flaw allows hackers to gain access to the computers of visitors to infected websites, jeopardising the security of passwords, bank details and other personal information. It is believed that as many as 233,000 web pages have been affected.
Microsoft says its "critical" update will protect users. Christopher Budd, of the software giant's security centre, said the company "encourages all Internet Explorer customers to test and deploy this update as soon as possible".
Mike Reavey, also from the security centre, said: "Even with that, the release Emergency Response process isn't over. There is additional support to customers and additional refinement of our product development efforts."
Microsoft has said that the flaw has been proven to exist only in version 7 of Internet Explorer, but that version 6 and the "beta" release of version 8 are also "potentially vulnerable".
It has estimated that one in every 500 Windows users has been exposed to websites that attempt to exploit the flaw, and that the number of victims was increasing by 50 per cent every day.
Paul Ferguson, a researcher from the software security company Trend Micro, told the BBC that attacks were spreading "like wildfire".
"This vulnerability is being actively exploited by cyber-criminals and getting worse every day," Mr Ferguson said.
The update is available at http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx
Posts
