Microsoft: Patch for critical IE zero-day bug coming Friday

In the meantime, releases stopgap measure

By , Computerworld |  Security, Internet Explorer, Microsoft

Microsoft on Wednesday released a stopgap defense that protects Internet Explorer (IE) against attacks until the company issues a patch on Friday.

The update will fix five flaws, including one revealed by a security researcher last weekend that hackers have been exploiting to hijack Windows PCs and infect them with malware.

The so-called "zero-day" vulnerability -- meaning it was leveraged by attackers before Microsoft was aware of the bug, much less able to patch it -- has been analyzed and discussed by security experts with increasing intensity since Monday.

Wednesday, for example, U.K.-based Sophos raised its threat level to "high," following moves earlier in the week by rivals like Symantec, which boosted its Internet barometer to "ThreatCon 2."

On Monday, Germany's cybersecurity agency urged IE users to stop running the browser and switch to another, such as Google's Chrome or Mozilla's Firefox, until Microsoft patched the vulnerability.

On Wednesday, Microsoft published a "Fixit" -- one of its automated configuration tools -- that blocks the known exploits. The Fixit has been posted in a support document on Microsoft's website.

The tool is only a temporary measure.

"This Friday, Sept. 21, we will release a cumulative update for Internet Explorer through Windows Update and our other standard distribution channels," said Yunsun Wee, director of Microsoft's Trustworthy Computing Group, in a blog post. "We recommend that you install this update as soon as it is available."

Wee said that the update, tagged as MS12-063, will patch the zero-day bug as well as four other critical vulnerabilities.

Friday's "out-of-band" update will be the first emergency patch that Microsoft has released this year and only the second since September 2010. It will also be the first emergency patch of an IE zero-day vulnerability since one in January 2010 that fixed a flaw exploited by the "Aurora" Trojan horse.


Originally published on Computerworld |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness