Microsoft said it has decided to release an out-of-band emergency update for Internet Explorer to block ongoing attacks targeting IE users on corporate networks.
In a message on the Microsoft Security Response Center blog, Microsoft's George Stathakopoulos said ongoing attacks have been limited but successful against users of IE 6, a version still used in many enterprises using proprietary Web applications.
"Given the significant level of attention this issue has generated, confusion about what customers can do to protect themselves and the escalating threat environment Microsoft will release a security update out-of-band for this vulnerability," Stathakopoulos, general manager of Microsoft's Trusted Security group, wrote in the MSRC blog. "We continue to recommend customers update to Internet Explorer 8 to benefit from the improved security protection it offers,"
Additional details, including the timing of the release will be announced today, Stathakopoulos said.
Microsoft engineers have been busy building and testing an IE patch when high-profile attacks against corporate networks surfaced last week. Google and Adobe Systems Inc. announced that their empoloyees had been targeted in a wave of malicious email messages containing malware or links to attack websites.
An analysis of the malware conducted by McAfee discovered that the attacks attempt to exploit the Internet Explorer zero-day vulnerability. Although attacks of this nature aren't new, experts say the sophisticated social engineering tactics are cause for concern. They say more than 30 other enterprises experienced similar targeted attacks.