Symantec Threat Bulletin: Microsoft to Release Out-of-Band Patch to fix Internet Explorer Vulnerability
- 21 January, 2010 18:00
<p>Microsoft has announced it will release an emergency out-of-band patch to fix the Internet Explorer zero day security vulnerability that has been used by attackers in various high-profile targeted attacks, specifically the recent Trojan.Hydraq attacks waged against Google and a number of other companies. The patch is expected to be released at approximately 10am Pacific Time (PT).</p>
<p>The latest vulnerability affects Internet Explorer 6, 7 and 8, however, the only in-the-wild exploit code for this vulnerability detected so far is confirmed to affect just Internet Explorer 6.</p>
<p>Symantec’s Security Response Team has identified that this security vulnerability has only been used in a very limited number of targeted attacks so far.</p>
<p>The most likely attack vector appears to be targeted emails containing legitimate looking attachments or links to websites sent to high-level employees. When the attachment is opened, an exploit for the vulnerability is activated and the computer becomes infected.</p>
<p>Symantec strongly encourages users to patch their systems against this vulnerability. In addition, enterprises are encouraged to consider implementing an automated patch management solution to help mitigate risk.</p>
<p>Please let me know if you would like to discuss the recent security vulnerability with a Symantec security expert.</p>
<p>+61 2 9954 3492</p>
- The week in security: Rethinking security in an age of cyber insecurity
- A deeper look into the WhatsApp hack and the complex cyber weapons industry
- Oracle releases emergency patch or WebLogic, exploits in the wild
- Watch out: there is a new kid around the block called New WannaCry. Question is: are you ready for it?
- What if the Internet never existed?