SecurityWeek

Microsoft to Issue Out-of-band Patch for Internet Explorer

Microsoft has said it would release a patch this afternoon, out-of-band, that will address the recently discovered Internet Explorer vulnerability that has been used in separate targeted attacks. The security fix comes just one week after January’s monthly security release from Redmond.

Just before the start of the year, Microsoft acknowledged that a vulnerability in Internet Explorer was used in targeted attacks. The flaw was first spotted being used in a drive-by-download attack on the Council on Foreign Relations’ (CFR) website. A day after the confirmation was published, Microsoft released a Fixit option, which would help mitigate – but not fully patch – the issue. Yet, the Fixit solution was easily bypassed by researchers, rendering the protection it offered useless.   

On Sunday, Microsoft announced that they would be patching the Internet Explorer flaw out-of-band, and encouraged administrators and end users to patch as soon as possible.

The patch, which will be available for Internet Explorer versions 6, 7, and 8 (IE 9 and IE 10 are not affected), is scheduled for release at 1:00 p.m. EST today. “While we have still seen only a limited number of customers affected by the issue, the potential exists that more customers could be affected in the future,” wrote Dustin Childs, group manager for the company’s Trustworthy Computing Group, on the company blog.

“We recommend that you install this update as soon as it is available. This update for Internet Explorer 6-8 will be made available through Windows Update and our other standard distribution channels. If you have automatic updates enabled on your PC, you won’t need to take any action.”

Systems that applied the Fixit solution will not need to uninstall it before applying the patch. Microsoft has rated this latest security release with a severity rank of Critical.
