Microsoft has said it will release an out-of-band patch this afternoon to address the recently discovered Internet Explorer vulnerability that has been used in separate targeted attacks. The security fix comes just one week after January’s monthly security release from Redmond.
Just before the start of the year, Microsoft acknowledged that a vulnerability in Internet Explorer was used in targeted attacks. The flaw was first spotted being used in a drive-by-download attack on the Council on Foreign Relations’ (CFR) website. A day after the confirmation was published, Microsoft released a Fixit option, which would help mitigate – but not fully patch – the issue. Yet, the Fixit solution was easily bypassed by researchers, rendering the protection it offered useless.
On Sunday, Microsoft announced that it would patch the Internet Explorer flaw out-of-band, and encouraged administrators and end users to patch as soon as possible.
The patch, which will be available for Internet Explorer versions 6, 7, and 8 (IE 9 and IE 10 are not affected), is scheduled for release at 1:00 p.m. EST today. “While we have still seen only a limited number of customers affected by the issue, the potential exists that more customers could be affected in the future,” wrote Dustin Childs, group manager for the company’s Trustworthy Computing Group, on the company blog.
“We recommend that you install this update as soon as it is available. This update for Internet Explorer 6-8 will be made available through Windows Update and our other standard distribution channels. If you have automatic updates enabled on your PC, you won’t need to take any action.”
Systems that applied the Fixit solution will not need to uninstall it before applying the patch. Microsoft has rated this latest security release with a severity rank of Critical.
