Users of Microsoft’s Internet Explorer are being urged by experts to switch to a rival until a serious security flaw has been fixed.
The flaw in Microsoft’s Internet Explorer could allow criminals to take control of people’s computers and steal their passwords, internet experts say.
Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it.
“Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer,” said the firm in a security advisory alert about the flaw.
Microsoft says it has detected attacks against IE 7.0 but said the “underlying vulnerability” was present in all versions of the browser.
Other browsers, such as Firefox, Opera, Chrome, Safari, are not vulnerable to the flaw Microsoft has identified.
As many as 10,000 websites have been compromised since last week to take advantage of the security flaw, said antivirus software maker Trend Micro.
The websites have been mostly serving up programs that steal computer game passwords, but the flaw could be “adopted by more financially motivated criminals”, a Trend Micro security researcher said on Monday.
Richard Cox, chief information officer of anti-spam body The Spamhaus Project and an expert on privacy and cyber security, echoed Trend Micro’s warning.
“It won’t be long before someone reverse engineers this exploit for more fraudulent purposes. Trend Micro’s advice of switching to an alternative web browser is very sensible,” he said.
A temporary workaround utility has been made available by British security firm, Prevx until Microsoft get around to plugging the security hole. You need to download and run the utility. It disables (unregisters) the affected component, OLEDB32.DLL, which will need re-registering again should any applications stop working. The tool will do this for you if you run it again.
It should be noted that simply avoiding using Internet Explorer may not be enough to protect you from this flaw. According to, Jacques Erasmus, Prevx’s Head of Research, “Just avoiding using IE will not protect user’s computers as malicious code targets users through a number of other means also.”