Microsoft takes urgent step today to patch stubborn Internet Explorer flaw

  • Tim Greene (Network World)
  • — 14 January, 2013 15:01

Look today for a Microsoft patch that repairs a vulnerability in old versions of Internet Explorer that have been exploited in the wild and that persisted despite a Fix It tool issued last month.

The flaw affects IE 6, 7, and 8 and makes it possible for attackers to execute malicious code and take control of target machines by exploiting the flaw from tainted Web sites. Exploits were posted online and used on thousands of sites.

BACKGROUND: Patch Tuesday fails to address Internet Explorer zero-day exploit 

MORE: 11 (FREE!) Microsoft tools to make life easier 

Microsoft had said the surest way to avoid the problem was to upgrade to a later version of IE but many couldn't.

Microsoft took steps to block the attacks with a temporary solution that was hacked within days, prompting Microsoft now to step outside its normal security bulleting schedule of releasing patches on the first Tuesday of each month.

A Webcast today at 4 p.m. Eastern time will feature Microsoft experts who will answer customers' questions about the patch.

(Tim Greene covers Microsoft for Network World and writes the Mostly Microsoft blog. Reach him at tgreene@nww.com and follow him on Twitter https://twitter.com/#!/Tim_Greene.)

Read more about wide area network in Network World's Wide Area Network section.

Tags: Internet Explorer bug, security, Microsoft, Internet Explorer flaw, Windows, Internet explorer patch, software, operating systems, Patch Tuesday

Heartbleed bug is irritating McAfee, Symantec, Kaspersky Lab

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Security Risk Management Solutions

Protect resources and ensure security compliance through incident detection, response, and remediation.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.