Microsoft plans to release an out-of-cycle security patch next week to fix a software flaw that led to the sophisticated Download.Ject malware attack, company officials disclosed on Wednesday.
The company will release the patch, which is currently being tested, next week as a "critical" security update to provide a "long-term solution to the core vulnerability" that led to the Download.Ject attack.
Dean Hachamovitch, Microsoft group product manager for Internet Explorer, made the announcement, saying the patch would cover IE versions 5.01, 5.5 and 6.0.
The software giant has already released a Trojan detection and removal tool to help PC users clean up after the attack, which targeted well-known software flaws to install keystroke loggers and other malicious code on infected systems.
The 118 kilobyte removal tool is programmed to remove the payload delivered by the server-side Download.Ject Trojan. The Trojan, also known as Scob, exploited vulnerabilities in Microsoft's IIS 5.0 servers and IE to distribute malware programs. It started spreading late last month after unknown attackers uploaded a small file with JavaScript to infected Web sites running Microsoft IIS 5.0 servers.
News source: Internetnews.com