Microsoft to release out-of-band patch for zero-day IE vulnerability


Microsoft to release out-of-band patch for zero-day IE vulnerability

Warwick Ashford

Microsoft is to release a patch for a critical Internet Explorer zero-day vulnerability on 30 March.

Its decision to accelerate the release rather than waiting until next Patch Tuesday on 13 April is an indication that attacks against the vulnerability are increasing, according to Wolfgang Kandek, chief technology officer at security firm Qualys.

Like the last IE zero-day patch, Microsoft is including fixes for nine other vulnerabilities.

This means the patch is critical for all versions of IE, not just IE 6 and 7, which are the only versions affected by active attacks using the latest zero-day vulnerability.

"If you are still using IE6 or IE7, patch immediately. But even if you are on IE8 you should patch as quickly as possible, as attackers will start reverse engineering the flaws addressed and preparing corresponding exploits within the week," Kandek said.

Jerry Bryant, group manager of response communications at Microsoft, said all of the nine additional vulnerabilities were responsibly disclosed and there are no known active attacks against them.

"For customers using automatic updates, this update will automatically be applied once it is released," he said.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy