The possibility has led to serious speculation in the tech community that Microsoft may release an emergency patch to rectify the situation.
Normally, Microsoft releases its updates on a set monthly basis, and is currently scheduled to release its next series of patches on Dec. 13, but security experts at the SANS Institute Internet Storm Centre said an out-of-cycle release is likely.
“I know that I am watching and waiting to see if Microsoft is going to release an out-of-cycle patch, or wait for the Dec. 13 patch day,” Scott Fendley of SANS said. “If I were a gambler, I might actually bet on Microsoft releasing it early.”
Fendley recommended that IE users turn off JavaScript or use an alternative browser until the issue is resolved.
“This issue was originally reported to the public in May as being a stability issue that caused the browser to close,” said Microsoft officials in an updated advisory on the software giant’s website. “Since then, new information has been posted that indicates remote code execution could be possible.”
Delf-DH takes advantage of a vulnerability in Microsoft’s Internet Explorer browser, infecting unprotected Windows users who inadvertently download the Trojan from malicious websites. Once installed, Delf-DH downloads malware that monitors user activity and redirects surfers to porn sites.
Microsoft admitted that even fully patched Windows 2000 and Windows XP systems are at risk of infection, though the company downplayed the seriousness of the Trojan.
“Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers,” the company advisory said.