In a break from its usual once-a-month update scheme, Microsoft issued the patch and called on users of Internet Explorer to update their systems immediately.
The problem came to light in December, but it has taken until now for the software giant to develop and test the fix. In the meantime, fraudsters have used the flaw to deceive individuals by posing as the US Federal Deposit Insurance Corp – a company that insures US bank accounts.
A link on a spam e-mail received by thousands of bank account holders directed people to a web site purporting to be that of the Corporation and asked for personal and financial details to be provided for the purpose of identification. The flaw in Internet Explorer allowed the fraudsters to disguise their actual web address as that of the Federal Deposit Insurance Corp.
The Microsoft update tackles this and two other critical flaws in Internet Explorer. One could have allowed hackers to take over computers running the flawed software if their users clicked on or visited a "hostile" link or web site; another could have allowed hackers to download programs onto computers running Internet Explorer when a "hostile" link or web site was utilised.
Internet Explorer users who have not already patched their systems are advised to obtain an update from the Microsoft web site.