Emergency security patch issued by Microsoft to squash Internet Explorer zero day exploit

Filed Under: Featured, Internet Explorer, Microsoft, Vulnerability

Bandaid on knee. Image from ShutterstockMicrosoft has released an out-of-cycle security update to protect Internet Explorer users against a vulnerability that was being exploited by malicious hackers.

Earlier this week Microsoft announced it would be issuing Security Update MS12-063, following the discovery last weekend by researcher Eric Romang that the previously unknown vulnerability was being used by a hacking gang to infect computers with the Poison Ivy Trojan.

Normally Microsoft releases security updates on a monthly schedule (known as "Patch Tuesday"), but as the heat rose with exploits using the attack and the likes of the German government urging users to stop using Internet Explorer, the software giant rightly moved to release an out-of-band emergency patch.

As well as defending against the zero-day vulnerability in versions of Internet Explorer, Microsoft's security patch reportedly resolves four other remote code execution vulnerabilities that Microsoft says are not currently being exploited.

Vulnerabilities patched by Microsoft

In my opinion, computer users should be grateful for Microsoft's response. They managed to create, test and roll out a patch for the Internet Explorer security vulnerabilty Romang discovered being exploited by malicious hackers within a week.

That's not just good news for those who love Internet Explorer. All of us on the net reap the benefits when vulnerabilities are patched, as it gives malicious attacks less opportunities to spread.

Now it's the turn of businesses to roll out the patch across their computers, and for home users to install the security update (hopefully most of them have automatic updates enabled).

The SophosLabs analysis of the latest Microsoft security patch can be read here.

Bandaid on knee image from Shutterstock.

, , ,

You might like

3 Responses to Emergency security patch issued by Microsoft to squash Internet Explorer zero day exploit

  1. Nigel · 677 days ago

    In the past, I have consistently and justifiably ripped Microsoft up one side and down the other for their horrifying disregard for the security of their users. But fair is fair, and I have to admit that at last they seem to have turned themselves around. Their response time on this zero-day exploit is commendable, and I applaud their efforts in other areas (such as enabling Do Not Track by default in IE 10...and shame on Apache for dishonoring that effort).

  2. Harry pollard · 676 days ago

    My school has never rolled out a single update to our computers, good job they have up to date sophos anti-virus that any user can update at any time (I do it a lot!).

  3. Wesley · 674 days ago

    Best security fix for Internet Explorer:

    Download another browser.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.