Microsoft was at 7am today expected to release an emergency out-of-band patch to fix Internet Explorer (IE) zero day security vulnerability problems, which have been used by attackers in various high-profile cyber crimes.
Symantec security expert Joshua Talbot said from Auckland the recent Trojan Hydraq attacks waged against Google and several other companies had exposed the vulnerability.
The vulnerability affected IE 6, 7 and 8 which made up the bulk of the versions used, but the only wild exploit code detected so far affected only IE6.
However, he urged computer users to patch their systems this morning.
In addition, companies should consider implementing an automated patch management solution to help mitigate the risk.
While the security vulnerability had only been used in a limited number of targeted attacks so far, they appeared to be high-profile attacks, he said The most likely attack seen so far was emails containing legitimate-looking attachments or links to websites sent to high-level employees.
When the attachment was opened, an exploit for the vulnerability went into action and the computer became infected.
"Despite the fact that we've seen just limited attacks using this vulnerability, there is no reason to think we won't see more attack attempts. You can be sure bad guys are working overtime to create reliable exploits for the other affected versions of IE."
The security hole was so dangerous because it allowed for remote exploitation, Mr Talbot said.
That meant attackers cold-run any malicious code of their liking on a victim's machine by taking advantage of the vulnerability.
No matter which web browser people use, upgrading to the most current version promises to increase protection against hackers.
Microsoft confirmed last week that a previously unknown security vulnerability in its IE 6 browser was used in cyber attacks which prompted Google to threaten to shut down its operations in China.
Revealing the attacks on January 12, Google said they originated in China and targeted the email accounts of Chinese human rights activists worldwide but did not explicitly accuse the Chinese Government of responsibility.
Web security firm McAfee Inc said that the attacks on Google and other companies showed a level of sophistication beyond that of cyber criminals and more typical of a nation state.
Google said more than 20 other unidentified firms were targeted in the "highly sophisticated" attacks, while other reports have put the number of companies attacked at more than 30.
Only one other company, Adobe, has come forward so far and acknowledged that it was a target.
