plans to release an out-of-cycle security
patch next week to fix a software flaw that led to the sophisticated
Download.Ject malware attack, company officials disclosed on Wednesday.
The company will release the patch, which is currently being tested, next week as a "critical" security update to provide a "long-term solution to the core vulnerability" that led to the Download.Ject attack.
Dean Hachamovitch, Microsoft group product manager for Internet Explorer, made the announcement, saying the patch would cover IE versions 5.01, 5.5 and 6.0.
The software giant has already released a Trojan detection and removal tool to help PC users clean up after the attack, which targeted well-known software flaws to install keystroke loggers and other malicious code on infected systems.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
In addition to the Trojan detection and removal tool, Microsoft issued a slew of Windows configuration changes aimed at thwarting the Download.Ject attack. Hachamovitch said that those changes did not provide a complete fix to the core vulnerability.
"Our users should have confidence that as long as they're running the latest browser with all the latest security fixes, they will have the most powerful and secure browsing experience," Hachamovitch said.
Microsoft is also testing a clean-up tool for the latest mutant of the MyDoom virus that started squirming through major search engines earlier this week. The virus has been programmed to launch of distributed Denial of Service attacks against the Microsoft.com home page.
When it's released, the tool will be available for download here.