Microsoft has confirmed that it will be releasing an update to plug a security hole in its latest browser, Internet Explorer 8.
The company will issue an update to fix a security flaw in the browser’s cross-site scripting (XSS) filter which, if left unfixed, would put users at risk of malicious software.
Microsoft said that the update will be released in June to fix the hole that researchers warned about at the Black Hat Europe conference in Barcelona last week. The researchers showed how problems with the filter could be used to inject malicious code on to sites including Google, Microsoft’s Bing search site and Twitter.
“The XSS Filter related Black Hat EU presentation discussed a vulnerability that was previously disclosed and addressed in the January security update to Internet Explorer (MS10-002),” David Ross wrote on the Microsoft Security Response Center blog.
“Like many security issues – take malware as an example – attack vectors are always a moving target. The role of the browser maker is to do everything we can to keep people safe without them having to do a lot of extra work.”IE to us
