The white-hat good guys of the cyber security frontier are now neck-and-neck with the black-hat online outlaws of the wild worldwide web in a race to stop the IE zero-day security hole from causing potential widespread mayhem across the information superhighway. According to researchers, the "bad guys" are presently hot on the heels of the "good guys" as they attempt to make the unreliable public attack code a lot deadlier than before.

Virtual villains and net ne'er-do-wells are presently rushing to build a dependable exploit based on the recently posted one to use against the zero-day security hole found in earlier versions of the system-integrated Microsoft Internet Explorer (IE) web browser. Microsoft's army of researchers admitted a few days ago that the hacker rush is also compelling them to push out a timely fix before the more serious attacks arrive in the wild.

This week, Microsoft confirmed the seriousness of the publicly exposed exploit code and its ability to compromise machines running either IE 6 and 7 (as reported yesterday in the "Microsoft Admits Zero-Day Vulnerability in IE 6 and 7" article). They then issued a security advisory on Tuesday stating that Windows Vista, Windows XP, and Windows 2000 were all at risk of the zero-day IE bug.

The security professionals of Microsoft have also figuratively set the hourglass down in regards to patching the highly critical IE vulnerability because the attack code for it had already been published to a widely browsed mailing list. Ben Greenbaum (Symantec security response team's Senior Research Manager) acknowledges that the IE bug is no joke and it's critical enough to warrant the attention it's currently receiving from Microsoft and the IT security media outlets.

Greenbaum further addresses that both the white-hat hackers and Microsoft researchers working on the patch as well as the black-hat hackers and web terrorists working on a better attack code are definitely in a race of some sort. Wolfgang Kandek, Qualys's Chief Technology Officer, has similar sentiments. The latter security expert reckons that everything now boils down to whether attackers could get a proper exploit working first or Microsoft could fix the security hole beforehand.