Microsoft: Patch for critical IE zero-day bug coming Friday

In the meantime, releases stopgap measure

By Gregg Keizer, Computerworld | Security, Internet Explorer, Microsoft

Hackers infected Windows PCs at Google and other Western companies with Aurora in late 2009 and early 2010 by exploiting a then-unpatched bug in IE6. Google accused Chinese hackers of breaking into its network, a charge that prompted the search giant to threaten a shutdown of its Chinese operations.

While Wee continued Wednesday to say that Microsoft was aware of only a "small number of customers" victimized by the newest IE zero-day, the company typically unleashes an emergency update only when it believes the threat is substantial and when the volume of attacks is quickly increasing.

IE6, IE7, IE8 and IE9 all are vulnerable to attack, Microsoft confirmed in an advance notice of the impending patch. Only IE10, the version bundled with Windows 8, does not contain the bug.

Those browsers, which collectively run on Windows XP, Vista and Windows 7, accounted for 53% of those used last month worldwide, according to metrics company Net Applications.

One security researcher predicted at least part of Microsoft's news several hours before the Redmond, Wash., software maker announced its next move.

"I think we'll see the Fixit today and [a] patch tomorrow," said Andrew Storms, director of security operations at nCircle Security, during a Wednesday instant message conversation. "They've been communicating something every day so far this week," Storms said.

On Tuesday, Microsoft said it would issue a Fixit tool "in the next few days."

Microsoft will release the emergency update at approximately 1 p.m. ET Friday via the Microsoft Update and Windows Update services, as well as through WSUS (Windows Server Update Services), the de facto corporate patch deployment tool.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is gkeizer@computerworld.com.

Originally published on Computerworld.