On Wednesday, Microsoft released a FixIt tool for those wanting some automated protection from the latest Zero-Day for Internet Explorer. However, if users at home are using caution as they surf the Web, and organizations are being proactive, it might be easier to wait until Friday, when Microsoft will issue an out-of-band security update to their browser, fully addressing the problem.
On Monday, SecurityWeek reported on the findings of Eric Romang, who discovered a vulnerability in Internet Explorer that was being exploited in the wild. This Zero-Day was quickly confirmed by other security researchers, who tied it to the Poison Ivy family of RATs (Remote Access Trojans), and the PlugX RAT and being used in targeted attacks against defense firms.
On Tuesday, Microsoft confirmed the vulnerability and issued a security advisory with guidance for users and network administrators. They’ve now updated that that advice to include the option for a FixIt installation, which will implement the mitigations automatically.
Yunsun Wee, Director of the Trustworthy Computing Group at Microsoft, said in a statement that while a vast majority of people are not impacted by the issue, “today Microsoft provided a temporary fix that can be downloaded with one easy click and offers immediate protection.”
In addition to FixIt solution, the biggest update to the security advisory is the confirmation that within four days of its discovery, a patch for the vulnerability will be released on Friday, September 12.
“…we will release a cumulative update for Internet Explorer through Windows Update and our other standard distribution channels. We recommend that you install this update as soon as it is available. If you have automatic updates enabled on our PC, you won’t need to take any action – it will automatically be updated on your machine. This will not only reinforce the issue that the Fix It addressed, but cover other issues as well,” Wee wrote on the MSRC blog.
Once the patch is released, the vulnerability itself will sill be a threat to take notice of, as the ability to exploit it already resides online and it will surely be included in many of the common exploit kits. With that said, the best advice is to apply the patch as soon as possible.
More from Steve Ragan
- Anonymous Claims Attack on IP Surveillance Firm Brickcom, Leaks Customer Data
- Workers Don’t Trust Employers with Personal Data: Survey
- Root SSH Key Compromised in Emergency Alerting Systems
- Morningstar Data Breach Impacted 184,000 Clients
- Microsoft to Patch Seven Flaws in July’s Patch Tuesday
- OpenX Addresses New Security Flaws with Latest Update
- Ubisoft Breached: Users Urged to Change Passwords
- Anonymous Targets Anti-Anonymity B2B Firm Relead.com
Latest News
- Live Exploitation Underscores Urgency to Patch Critical WS-FTP Server Flaw
- European Telecommunications Standards Institute Discloses Data Breach
- Number of Internet-Exposed ICS Drops Below 100,000: Report
- Johnson Controls Ransomware Attack Could Impact DHS
- Unpatched Exim Vulnerabilities Expose Many Mail Servers to Attacks
- CISA Kicks Off Cybersecurity Awareness Month With New Program
- Recently Patched TeamCity Vulnerability Exploited to Hack Servers
- Silverfort Open Sources Lateral Movement Detection Tool
