22 Jan 2004
Microsoft has admitted that it is still unable to release a fix for a serious flaw in Internet Explorer (IE) that allows hackers to clone websites.
Security experts notified the software giant about the vulnerability, exploited in so-called 'phishing' attacks, early last month.
Further reading
The company was expected to solve the problem in its monthly security bulletin last week, but it failed to appear.
If Microsoft decides not to release the patch until its next security bulletin, users will have to wait until at least 10 February for a solution.
"We know, and have recorded, that there is an issue and a problem, and we are working on a patch that will be issued as soon as possible," Stuart Okin, chief security officer at Microsoft UK, told vnunet.com's sister title Computing.
The IE flaw allows websites to be copied and passed off as the real thing. Fraudsters send emails to consumers claiming to be from a bank or other organisation, with a link to the spoofed site asking for details such as security information and passwords.
Companies hit by phishing attacks in recent months include Visa, CitiBank, Lloyds TSB, Barclays and eBay.
Okin is unclear about the progression of the IE patch, or when it will be released.
"We haven't decided if it will be out of the monthly patch cycle or within the main release. This will be based on consumer feedback," he said.
Security experts believe that the flaw has serious implications that could damage consumer trust in the internet.
"I think this is a major problem," said Dinis Cruz, chief technology officer at security firm CISSP.
"It has the potential to affect the amount of trust consumers have in the internet. Once you break that trust, it is very hard to get it back."
Have your say on this article
Newsletters
Latest stories from Security
Latest videos
You may also like
Security jobs
Technology Patent Wars
Case studies from large organisations across all sectors
... And rich media, and flexible working, and peaks in traffic ...
Upcoming Events
Join us for this Computing web seminar, in which the Head of BI at the Co-operative Group Nick Colebourn will be explaining just how he reigned in the Group’s sprawling database estate and how significant savings were realised and data quality improved as a result.
Date: 31 May 2012
Time: 11:00 AM
Live June 13th 11:00am: Register now. During this web seminar we will be looking at the sorts of incidents that can bring data centres grinding to a halt and what can be done about them.
Date: 13 Jun 2012
Time: 11:00 am
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?