IT Security company Sophos has warned users about a critical unpatched security hole in the way Microsoft software handles Vector Markup Language (VML). Microsoft has not yet released a fix for the security hole, which is being exploited by hackers conspiring to install malicious code onto innocent users´ computers.
Microsoft has confirmed details of the vulnerability, and said that they plan to release a fix by Tuesday, 10 October.
The developers at Microsoft will be spitting feathers about yet another critical security problem being found in their code. What´s worse, this is a flaw that is being exploited by hackers intent on installing malware on the computers of Windows users without any patch existing,” said Graham Cluley, senior technology consultant for Sophos. “This is now a race against time. Even though reports of the exploit are so far limited, companies reliant on Internet Explorer would be wise to follow Microsoft´s advice on ways to avoid this particular form of attack as it may be weeks before a patch from Microsoft is available.”
Apple Mac owners, and users of non-Microsoft web browsers such as Mozilla Firefox, are not affected by the flaw.