On Wednesday, Microsoft released a FixIt tool for those wanting some automated protection from the latest Zero-Day for Internet Explorer. However, if users at home are using caution as they surf the Web, and organizations are being proactive, it might be easier to wait until Friday, when Microsoft will issue an out-of-band security update to their browser, fully addressing the problem.
On Monday, SecurityWeek reported on the findings of Eric Romang, who discovered a vulnerability in Internet Explorer that was being exploited in the wild. This Zero-Day was quickly confirmed by other security researchers, who tied it to the Poison Ivy family of RATs (Remote Access Trojans), and the PlugX RAT and being used in targeted attacks against defense firms.
On Tuesday, Microsoft confirmed the vulnerability and issued a security advisory with guidance for users and network administrators. They’ve now updated that that advice to include the option for a FixIt installation, which will implement the mitigations automatically.
Yunsun Wee, Director of the Trustworthy Computing Group at Microsoft, said in a statement that while a vast majority of people are not impacted by the issue, “today Microsoft provided a temporary fix that can be downloaded with one easy click and offers immediate protection.”
In addition to FixIt solution, the biggest update to the security advisory is the confirmation that within four days of its discovery, a patch for the vulnerability will be released on Friday, September 12.
“...we will release a cumulative update for Internet Explorer through Windows Update and our other standard distribution channels. We recommend that you install this update as soon as it is available. If you have automatic updates enabled on our PC, you won’t need to take any action – it will automatically be updated on your machine. This will not only reinforce the issue that the Fix It addressed, but cover other issues as well,” Wee wrote on the MSRC blog.
Once the patch is released, the vulnerability itself will sill be a threat to take notice of, as the ability to exploit it already resides online and it will surely be included in many of the common exploit kits. With that said, the best advice is to apply the patch as soon as possible.