Holes may affect all versions of Internet Explorer

It all turned a bit nasty last week for Microsoft which, after initially putting on a brave face about its security, released a patch for an Internet Explorer 6 (IE6) hole through which China-based cyber spies attacked Google and other firms.

The French and German Governments joined in calling for web users to find an alternative to Microsoft's IE to protect security.

Certa, an agency that oversees cyber threats, warned against using all versions of the browser.

Germany warned users after malicious code was published online.

But Microsoft told BBC News that IE8 was the "most secure browser on the market" and people should upgrade.

Cliff Evans, head of security and privacy, said that so far, the firm had seen malicious code that targeted only the older version of its browser - IE6.

The risk was minimal, he said.

Fast forward a few days and Microsoft announced it was releasing a patch for IE6.

"Microsoft continues to see limited attacks, and to date, the only successful attacks have been against Internet Explore 6," the company said on its website.

"We recommend that customers install the update as soon as it is available."

Microsoft broke with normal protocol by releasing the patch as soon as it was ready instead of on the normal second Tuesday of each month.

Attacks that prompted a showdown between Google and China only worked against IE6.

Computers could protect themselves by switching to newer versions of the web browser, according to a Microsoft security manager.

IE7 and IE8 seemed to be holding and at writing, none of the attacks had been successful against IE8.

No matter which web browsers people use, upgrading to the most current version promises to increase protection against hackers.

However, what Mack-line found disturbing was an alert from Symantec, the maker of Norton computer protection software.

New Zealand spokesman Fred Russo said Microsoft had recently announced a zero-day vulnerability that affected IE6, 7 and 8.

That meant there was a hole in IE that a cyber criminal could take advantage of, he said.

"Criminals create a malicious threat that targets anyone who is using the vulnerable browser and is not protected.

"They'll use tricks like spam, phishing or fake websites that show up on search results to lure people to an infected site."

He urged computer users to stay on top of security patches.

Vulnerabilities happened all of the time, regardless of the operating system or software maker.

When the Microsoft patches arrive, they should be downloaded as soon as possible, Mr Russo said.

Mack-line agrees.

Graham Cluley, of Security firm Sophos, said Microsoft had admitted there was a vulnerability, even in IE8.

Because details of the exploit were now available online, hackers could soon change the code to target other versions of the browser.

Web users should be careful about clicking on links in unsolicited emails.

Mack-line wonders if any readers have experienced a problem similar to this.

Internet Explorer and Firefox keep telling Mack-line that sites, such as a local wine supplier, all major trading banks, a credit union site, gmail, hotmail and an online retailer have expired certificates.

IE went as far as not allowing Mack-line to order wine online or log on to the Bank of New Zealand site.

Firefox allowed Mack-line to create certificate exemptions but warned against making those exemptions.