The major press outlets are abuzz this morning with news of a major new security flaw that affects all versions of Internet Explorer from IE5 to the latest beta of IE8. The attack has serious and far-reaching ramifications — and they’re not just theoretical attacks. In fact, the flaw is already in wide use as a tool to steal online game passwords, with some 10,000 websites infected with the code needed to take advantage of the hole in IE.
Update: December 17, 2008 7:02am CST
Microsoft plans to release an update to correct the patch later today. At the time of this writing Microsoft was still not advising users switch browsers despite suggestions by several research analysts covering the extent of the vulnerability.
According to Microsoft’s emergency security bulletin, “This is an advance notification of an out-of-band security bulletin that Microsoft is intending to release on December 17, 2008.”