Microsoft to release emergency Internet Explorer patch tomorrow
IE browser XSS flaw opens door to thieves and phishers
Microsoft is to release an emergency patch for the zero-day flaw in Internet Explorer tomorrow.
Scheduled for release at 6pm BST tomorrow, the critical patch will cover the remote code execution flaw in Windows and in versions 7, 8 and 9 of the browser.
Yunsun Wee, director of Microsoft Trustworthy Computing, said that the update will be released through Windows Update and its other standard distribution channels and recommended that users install this update as soon as it is available.
“If you have automatic updates enabled on your PC, you won't need to take any action – it will automatically be updated on your machine. This will not only reinforce the issue that the Fix It addressed, but cover other issues as well,” Wee said.
Andrew Storms, director of security operations for nCircle, said: “In contrast with every other major software vendor, Microsoft has been communicating with users all week. Even if you think there are a lot of things Microsoft can improve, they are light years ahead of other vendors in providing clear, consistent, valuable communication to their users on security issues.”
Wolfgang Kandek, CTO of Qualys, said: “The decision on whether to deploy the Fix It or whether to wait for the final patch should take into account that attacks are not widespread yet; currently attacks using the vulnerability continue to be of the targeted type with low infection rates reported.”
The bug was discovered by security researcher Eric Romang last week and led Microsoft to release Security Advisory 2757760 to address the issue. According to Reuters, hackers are using the bug to launch attacks, specifically against defence contractors, and the German government has encouraged users not to use the browser.