Microsoft to release out-of-band patch for zero-day IE vulnerability

Microsoft is to release a patch for a critical Internet Explorer zero-day vulnerability on 30 March.

Microsoft is to release a patch for a critical Internet Explorer zero-day vulnerability on 30 March.

Its decision to accelerate the release rather than waiting until next Patch Tuesday on 13 April is an indication that attacks against the vulnerability are increasing, according to Wolfgang Kandek, chief technology officer at security firm Qualys.

Like the last IE zero-day patch, Microsoft is including fixes for nine other vulnerabilities.

This means the patch is critical for all versions of IE, not just IE 6 and 7, which are the only versions affected by active attacks using the latest zero-day vulnerability.

"If you are still using IE6 or IE7, patch immediately. But even if you are on IE8 you should patch as quickly as possible, as attackers will start reverse engineering the flaws addressed and preparing corresponding exploits within the week," Kandek said.

Jerry Bryant, group manager of response communications at Microsoft, said all of the nine additional vulnerabilities were responsibly disclosed and there are no known active attacks against them.

"For customers using automatic updates, this update will automatically be applied once it is released," he said.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Hackers and cybercrime prevention

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

  • Dissecting the Hack

    In this excerpt from chapter three of Dissecting the Hack: The V3RB0TEN Network, authors Jayson E. Street, Kristin Sims and Brian...

  • Digital Identity Management

    In this excerpt of Digital Identity Management, authors Maryline Laurent and Samia Bousefrane discuss principles of biometrics ...

  • Becoming a Global Chief Security Executive Officer

    In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, ...

SearchNetworking

SearchDataCenter

SearchDataManagement

Close