A very significant hole in Internet Explorer - listed as extremely critical by security experts - has been discovered and needs to be patched right away.
Microsoft initially downplayed the risk, CTO of Secunia Thomas Kristensen told us, but closer inspection revealed it to be particularly dangerous. "People with little technical knowledge will be able to exploit this. The only solution is to install the patch as soon as possible," he explained.
The hole (actually one of three just announced by Microsoft) would give a malicious intruder the same access rights to the system as the person whose computer was compromised. All the victim has to do is preview an HTML email or look at a particular web page.
It is strikingly simple to take advantage of the hole, which works by abusing Explorer's approach to handling files. Explorer decides whether material is safe by looking at its Object Data tag. However, a different tag - Content-Type - decides how Explorer actually treats the file. As such, if a malicious file is mislabelled as, say, HTML, the browser will run it as if it were a safe file. And with freely available hacking tools, this means that people with even limited technical know-how could break into your system.
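The mismatch described above can be looked for on the defensive side, for example in a proxy or mail gateway. The following is an added example, not code from Microsoft or Secunia: it lists every Object Data reference in a page and reports those whose served Content-Type differs from the type the file name implies. The extension table, the `served_types` mapping (as it might be taken from proxy logs), the URLs and the `application/x-example-active` type are all constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import posixpath

# Constructed table: the type a reviewer would expect from the file extension.
EXT_TYPES = {".html": "text/html", ".htm": "text/html",
             ".txt": "text/plain", ".gif": "image/gif", ".jpg": "image/jpeg"}

class ObjectDataCollector(HTMLParser):
    """Collects the data= URL of every <object> element in a page."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        if tag == "object":
            data = dict(attrs).get("data")
            if data:
                self.urls.append(data)

def implied_type(url):
    """Type suggested by the URL's extension, or None if it is not in the table."""
    ext = posixpath.splitext(urlparse(url).path)[1].lower()
    return EXT_TYPES.get(ext)

def find_mismatches(html, served_types):
    """Return (url, implied, served) for each object whose label and header disagree."""
    collector = ObjectDataCollector()
    collector.feed(html)
    findings = []
    for url in collector.urls:
        header = served_types.get(url)
        if header is None:
            continue  # no response recorded for this URL
        served = header.split(";")[0].strip().lower()  # drop charset parameters
        expected = implied_type(url)
        if expected != served:
            findings.append((url, expected, served))
    return findings

# Constructed sample input: one honest object, one mislabelled one.
SAMPLE_HTML = """<html><body>
<object data="http://example.test/banner.gif"></object>
<object data="http://example.test/page.html"></object>
</body></html>"""
SAMPLE_SERVED = {
    "http://example.test/banner.gif": "image/gif",
    "http://example.test/page.html": "application/x-example-active; charset=utf-8",
}

if __name__ == "__main__":
    for finding in find_mismatches(SAMPLE_HTML, SAMPLE_SERVED):
        print("mismatch:", finding)
```

A hit is only a lead for review, since servers are often misconfigured; it does not replace installing the patch.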
Mr Kristensen sees it as only a matter of time before someone with better IT skills knocks up a virus to widely exploit the hole. Since the only way of preventing the breach would be for companies to restrict all employee access to anything beyond very basic HTML files, the only practical solution is to download the patch and install it across your network - right now.
The other two holes are less critical since they require some technical knowledge. One works by abusing how Explorer retrieves files from its cache and would need some malicious code to be run. The second is a hole in ActiveX which, again, needs a malicious HTML document and executable code. All three are fixed with Microsoft's latest patch.
The holes affect Explorer 5.01, 5.5 and 6. The CVE references are: CAN-2003-0530, 31, 32 and 0344.