In a break from its usual once-a-month update scheme, Microsoft
issued the patch and called on users of Internet Explorer to update
their systems immediately.
The problem came to light in December, but it has taken until
now for the software giant to develop and test the fix. In the
meantime, fraudsters have used the flaw to deceive individuals by
posing as the US Federal Deposit Insurance Corp – a company that
insures US bank accounts.
A link on a spam e-mail received by thousands of bank account
holders directed people to a web site purporting to be that of the
Corporation and asked for personal and financial details to be
provided for the purpose of identification. The flaw in Internet
Explorer allowed the fraudsters to disguise their actual web
address as that of the Federal Deposit Insurance Corp.
The Microsoft update tackles this and two other critical flaws
in Internet Explorer. One could have allowed hackers to take over
computers running the flawed software if their users clicked on or
visited a "hostile" link or web site; another could have allowed
hackers to download programs onto computers running Internet
Explorer when a "hostile" link or web site was utilised.
Internet Explorer users who have not already patched their
systems are advised to
obtain an update from the Microsoft web site.
