Microsoft rushed out a fix for a security flaw in its Internet Explorer Web browser after attackers had begun exploiting the vulnerability to take control of computers.
The Redmond-based software maker said it was putting out the fix ahead of the next scheduled security fix release date on October 10 because of the severity of the problem. The flaw carries Microsoft's highest 'critical' rating.
The vulnerability in Microsoft's browser is particularly worrisome to security experts because computer users could come under attack just by visiting a Web site that had been manipulated to take advantage of the flaw.
That, in turn, would give an attacker complete control of a user's computer, including access to emails, personal information and other data.
Johannes Ullrich, CTO with the security research organization SANS Institute, said it appears that a couple of thousand Web sites have already been manipulated to launch such attacks. The attack also seems to be spreading via email, he said.
Stephen Toulouse, senior product manager in Microsoft's security technology unit, said Microsoft had only seen very limited attacks since the flaw became public a little over a week ago. But he said the activity was enough to prompt the company to release the update ahead of schedule.