SecurityWeek

Microsoft to Issue Out-of-band Patch for Internet Explorer

Microsoft has said it would release a patch this afternoon, out-of-band, that will address the recently discovered Internet Explorer vulnerability that has been used in separate targeted attacks. The security fix comes just one week after January’s monthly security release from Redmond.

Just before the start of the year, Microsoft acknowledged that a vulnerability in Internet Explorer was used in targeted attacks. The flaw was first spotted being used in a drive-by-download attack on the Council on Foreign Relations’ (CFR) website. A day after the confirmation was published, Microsoft released a Fixit option, which would help mitigate – but not fully patch – the issue. Yet, the Fixit solution was easily bypassed by researchers, rendering the protection it offered useless.   

On Sunday, Microsoft announced that they would be patching the Internet Explorer flaw out-of-band, and encouraged administrators and end users to patch as soon as possible.

The patch, which will be available for Internet Explorer versions 6, 7, and 8 (IE 9 and IE 10 are not affected), is scheduled for release at 1:00 p.m. EST today. “While we have still seen only a limited number of customers affected by the issue, the potential exists that more customers could be affected in the future,” wrote Dustin Childs, group manager for the company’s Trustworthy Computing Group, on the company blog.

“We recommend that you install this update as soon as it is available. This update for Internet Explorer 6-8 will be made available through Windows Update and our other standard distribution channels. If you have automatic updates enabled on your PC, you won’t need to take any action.”

Systems that applied the Fixit solution will not need to uninstall it before applying the patch. Microsoft has rated this latest security release with a severity rank of Critical.

Additional details are available here
