Internet Explorer Bug Puts Web Users At Risk
Microsoft Corp is rushing to fix a bug in its widely used Internet Explorer web browser after a computer security firm disclosed the flaw over the weekend, saying hackers have already exploited it in attacks on some U.S. companies.
Microsoft disclosed on Saturday its plans to fix the bug, which targets Internet Explorer versions 9 through 11.
Those versions take up 26.25 percent of the browser market, according to FireEye, the cybersecurity software company that caught the bug.
The bug, however, reportedly affects versions 6 through 11. Together, those versions dominate desktop browsing, accounting for 55 percent of the PC browser market, according to tech research firm NetMarketShare.
Security firms estimate that between 15 and 25 percent of the world's PCs still run Windows XP.
FireEye Inc said that a sophisticated group of hackers has been exploiting the bug in a campaign dubbed 'Operation Clandestine Fox.'
FireEye, whose Mandiant division helps companies respond to cyber attacks, declined to name specific victims or identify the group of hackers, saying that an investigation into the matter is still active. It described the hackers as 'extremely proficient at lateral movement' and 'difficult to track.'
'It's a campaign of targeted attacks seemingly against U.S.-based firms, currently tied to defense and financial sectors.'
FireEye and Microsoft have not provided much information about the security flaw or the approach that hackers could use to figure out how to exploit it, said Aviv Raff, chief technology officer of cybersecurity firm Seculert.
The software maker said in a statement to Reuters that it advises Windows XP users to upgrade to one of the two most recent versions of its operating system, Windows 7 or 8.