Microsoft sees ‘huge increase’ in IE attacks
December 17, 2008 Computer News
Microsoft Corp issued a warning of a “huge increase” in attacks abusing a critical unpatched vulnerability in Internet Explorer (IE) and said some originated from hacked pornography 
sites. Other researchers confirmed that attacks were increasingly coming from compromised Web sites. Microsoft noted the upswing in attacks on its Malware Protection Center Blog.
Hackers have been exploiting a data binding bug in IE. The susceptibility, which exists in all versions of the Microsoft browser, including IE5.01, IE6, IE7 and IE8 Beta 2, has so far been exploited only by attack code that targets IE7, the most common edition.
This one involves hackers who perform SQL injection attacks to first compromise the sites. In a SQL injection attack, hackers utilize vulnerabilities in Web applications that rely on a back-end database, this gives them a way to add and run malicious codes, usually rogue JavaScript, against any browser.
Microsoft is working on a patch for IE, although the company has still not said when it would issue the update. Some researchers expect the seller to release a fix outside its normal monthly schedule; the next security updates aren’t due until Jan.9, 2009.
