Microsoft to release out-of-band patch for zero-day IE vulnerability

News

Microsoft to release out-of-band patch for zero-day IE vulnerability

Warwick Ashford

Microsoft is to release a patch for a critical Internet Explorer zero-day vulnerability on 30 March.

Its decision to accelerate the release rather than waiting until next Patch Tuesday on 13 April is an indication that attacks against the vulnerability are increasing, according to Wolfgang Kandek, chief technology officer at security firm Qualys.

Like the last IE zero-day patch, Microsoft is including fixes for nine other vulnerabilities.

This means the patch is critical for all versions of IE, not just IE 6 and 7, which are the only versions affected by active attacks using the latest zero-day vulnerability.

"If you are still using IE6 or IE7, patch immediately. But even if you are on IE8 you should patch as quickly as possible, as attackers will start reverse engineering the flaws addressed and preparing corresponding exploits within the week," Kandek said.

Jerry Bryant, group manager of response communications at Microsoft, said all of the nine additional vulnerabilities were responsibly disclosed and there are no known active attacks against them.

"For customers using automatic updates, this update will automatically be applied once it is released," he said.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy