Emergency security patch issued by Microsoft to squash Internet Explorer zero day exploit

Emergency security patch issued by Microsoft to squash Internet Explorer zero day exploit

Bandaid on knee. Image from ShutterstockMicrosoft has released an out-of-cycle security update to protect Internet Explorer users against a vulnerability that was being exploited by malicious hackers.

Earlier this week Microsoft announced it would be issuing Security Update MS12-063, following the discovery last weekend by researcher Eric Romang that the previously unknown vulnerability was being used by a hacking gang to infect computers with the Poison Ivy Trojan.

Normally Microsoft releases security updates on a monthly schedule (known as “Patch Tuesday”), but as the heat rose with exploits using the attack and the likes of the German government urging users to stop using Internet Explorer, the software giant rightly moved to release an out-of-band emergency patch.

As well as defending against the zero-day vulnerability in versions of Internet Explorer, Microsoft’s security patch reportedly resolves four other remote code execution vulnerabilities that Microsoft says are not currently being exploited.

Vulnerabilities patched by Microsoft

In my opinion, computer users should be grateful for Microsoft’s response. They managed to create, test and roll out a patch for the Internet Explorer security vulnerabilty Romang discovered being exploited by malicious hackers within a week.

That’s not just good news for those who love Internet Explorer. All of us on the net reap the benefits when vulnerabilities are patched, as it gives malicious attacks less opportunities to spread.

Now it’s the turn of businesses to roll out the patch across their computers, and for home users to install the security update (hopefully most of them have automatic updates enabled).

The SophosLabs analysis of the latest Microsoft security patch can be read here.

Bandaid on knee image from Shutterstock.