SecurityWeek

Microsoft Releases Quick Fix for Internet Explorer Zero-Day – Promises Patch on Friday

On Wednesday, Microsoft released a FixIt tool for those wanting some automated protection from the latest Zero-Day for Internet Explorer. However, if users at home are using caution as they surf the Web, and organizations are being proactive, it might be easier to wait until Friday, when Microsoft will issue an out-of-band security update to their browser, fully addressing the problem.

On Monday, SecurityWeek reported on the findings of Eric Romang, who discovered a vulnerability in Internet Explorer that was being exploited in the wild. This Zero-Day was quickly confirmed by other security researchers, who tied it to the Poison Ivy family of RATs (Remote Access Trojans) and the PlugX RAT, and said it was being used in targeted attacks against defense firms.

On Tuesday, Microsoft confirmed the vulnerability and issued a security advisory with guidance for users and network administrators. They’ve now updated that advice to include the option for a FixIt installation, which will implement the mitigations automatically.

Yunsun Wee, Director of the Trustworthy Computing Group at Microsoft, said in a statement that while a vast majority of people are not impacted by the issue, “today Microsoft provided a temporary fix that can be downloaded with one easy click and offers immediate protection.”

In addition to the FixIt solution, the biggest update to the security advisory is the confirmation that a patch for the vulnerability will be released on Friday, September 12, within four days of its discovery.

“…we will release a cumulative update for Internet Explorer through Windows Update and our other standard distribution channels. We recommend that you install this update as soon as it is available. If you have automatic updates enabled on our PC, you won’t need to take any action – it will automatically be updated on your machine. This will not only reinforce the issue that the Fix It addressed, but cover other issues as well,” Wee wrote on the MSRC blog.

Once the patch is released, the vulnerability itself will still be a threat to take notice of, as the ability to exploit it already resides online and it will surely be included in many of the common exploit kits. With that said, the best advice is to apply the patch as soon as possible.
