Microsoft to release emergency patch for zero-day flaw


Good news.

Microsoft has announced that tomorrow (Wednesday, 17 December) it will release an emergency out-of-band patch for the critical security hole that has been sending a chill down the spine of Internet Explorer users.

Concerns about the security bug escalated as it was discovered that it affected not only version 7 of Internet Explorer, but also IE 5.01 SP4, IE 6, IE 6 SP1, and IE 8 Beta 2. Attacks incorporating the exploit have also been seen on websites around the world, potentially putting Internet Explorer users at risk in the absence of a patch.

Microsoft will have been working feverishly to put a patch together that can defend all the different versions of Internet Explorer, and testing that it works as expected. Within 24 hours the patch should be available for anyone to download, and fingers crossed computer users will be applying it without hesitation.

Sophos has published its own analysis (with further information here) of the severity of the vulnerability that I would recommend you read if you haven’t already done so.