Microsoft is planning to release an out-of-band patch for Internet Explorer on Wednesday to address a critical security vulnerability that is being actively exploited.The company on Saturday warned that 1 in 500 Internet Explorer users worldwide may have been exposed to malware hosted at both legitimate Web sites and porn sites that exploit an unpatched vulnerability.Microsoft confirmed finding exploit code on a search engine in Taiwan and on a Web site in Hong Kong that serves adult entertainment content."Based on our stats, since the vulnerability has gone public, roughly 0.2% of users worldwide may have been exposed to websites containing exploits of this latest vulnerability," Microsoft Security Response Center researchers Ziv Mador and Tareq Saade said in a blog post. "That percentage may seem low, however it still means that a significant number of users have been affected. The trend for now is going upwards: We saw an increase of over 50% in the number of reports today compared to yesterday."Microsoft's estimate works out to as many as 1.4 million potential victims, assuming there are a billion active Internet users (estimates range from 800 million to 1.5 billion), about 70% of whom are using Internet Explorer. The number of potential victims would drop to 940,000 if only Internet Explorer 7 users (47% browser market share) were affected. And those numbers represent only potential victims: Not all those exposed would be necessarily become infected.The security hole in Internet Explorer has snowballed since last week when Microsoft in a Security Advisory said, "At this time, we are aware only of limited attacks that attempt to use this vulnerability."
Continue At Source