Microsoft has said it would release a patch this afternoon, out-of-band, that will address the recently discovered Internet Explorer vulnerability that has been used in separate targeted attacks. The security fix comes just one week after January’s monthly security release from Redmond.
Just before the start of the year, Microsoft acknowledged that a vulnerability in Internet Explorer was used in targeted attacks. The flaw was first spotted being used in a drive-by-download attack on the Council on Foreign Relations’ (CFR) website. A day after the confirmation was published, Microsoft released a Fixit option, which would help mitigate – but not fully patch – the issue. Yet, the Fixit solution was easily bypassed by researchers, rendering the protection it offered useless.
On Sunday, Microsoft announced that they would be patching the Internet Explorer flaw out-of-band, and encouraged administrators and end users to patch as soon as possible.
The patch, which will be available for Internet Explorer versions 6, 7, and 8 (IE 9 and IE 10 are not affected), is scheduled for release at 1:00 p.m. EST today. “While we have still seen only a limited number of customers affected by the issue, the potential exists that more customers could be affected in the future,” wrote Dustin Childs, group manager for the company’s Trustworthy Computing Group, on the company blog.
“We recommend that you install this update as soon as it is available. This update for Internet Explorer 6-8 will be made available through Windows Update and our other standard distribution channels. If you have automatic updates enabled on your PC, you won’t need to take any action.”
Systems that applied the Fixit solution will not need to uninstall it before applying the patch. Microsoft has rated this latest security release with a severity rank of Critical.
Additional details are available here.
More from Steve Ragan
- Anonymous Claims Attack on IP Surveillance Firm Brickcom, Leaks Customer Data
- Workers Don’t Trust Employers with Personal Data: Survey
- Root SSH Key Compromised in Emergency Alerting Systems
- Morningstar Data Breach Impacted 184,000 Clients
- Microsoft to Patch Seven Flaws in July’s Patch Tuesday
- OpenX Addresses New Security Flaws with Latest Update
- Ubisoft Breached: Users Urged to Change Passwords
- Anonymous Targets Anti-Anonymity B2B Firm Relead.com
Latest News
- OpenSSL Ships Patch for High-Severity Flaws
- Software Supply Chain Security Firm Lineaje Raises $7 Million
- ICS Cybersecurity Firm Opscura Launches With $9.4 Million in Series A Funding
- Vulnerability Provided Access to Toyota Supplier Management Network
- Patch Released for Actively Exploited GoAnywhere MFT Zero-Day
- Linux Variant of Cl0p Ransomware Emerges
- VMware Says No Evidence of Zero-Day Exploitation in ESXiArgs Ransomware Attacks
- Comcast Wants a Slice of the Enterprise Cybersecurity Business
