Microsoft issues emergency patch warning for IE

Zero-day exploit fix arrives Wednesday


Microsoft will push out an emergency security patch for Internet Explorer on Wednesday, addressing a critical security hole currently being exploited in the wild.

Redmond issued advanced notice for tomorrow's fix, describing the out-of-cycle patch as protection from "remote code execution."

Unscheduled updates are pretty rare for Microsoft, stressing the potentially serious nature of the flaw. Although the last time Microsoft broke it's update cycle was in late October – it was the first time it had done so in about 18 months.

The latest zero-day vulnerability stems from data binding bugs that allows hackers access to a computer's memory space, allowing attackers to remotely execute malicious code as IE crashes, Microsoft has said.

Although the exploit was at first contained to warez and porn sites hosted on a variety of Chinese domains, the malicious JavaScript code has since spread to more trusted sites though SQL injection. The flaw is primarily being used to steal video game passwords at present, but could potentially be used to retrieve more critical sensitive data from users as well.

The vulnerability is specifically targeted at surfers running IE 7, but it's also known to affect versions 5, 6, and 8 of the browser as well. All IE users are advised to install the update.

Microsoft's emergency patch will become available Wednesday at 1 PM EST from auto-update and the Microsoft Download Center. A separate patch will be made available for those running IE8 Beta 2. ®


Keep Reading

After first floating $20bn penalty, DoJ suggests $60m fine for UMC's theft of Micron’s DRAM secrets

Taiwanese chipmaker promises ‘substantial assistance’ in ongoing China IP theft action

Otto man thrown under the bus: 33 crim trade secret theft charges for ex-Uber exec Anthony Levandowski

Former Waymo bigwig in way mo' trouble

Campaigners cry foul play as Oracle funds conservative lobby group supporting its court case against Google

Google-funded think tanks need to sit back and, er, have a think

Watch your MANRS: Akamai, Amazon, Netflix, Microsoft, Google, and pals join internet routing security effort

Filtering, anti-spoofing, coordination, validation to prevent crooks, spies hijacking victims' connections

Talk about unintended consequences: GDPR is an identity thief's dream ticket to Europeans' data

Black Hat Revenge plan morphs into data leak discovery

Hack computers to steal someone's identity in China? Why? You can just buy one from a bumpkin for, like, $3k

Black Hat Exploit an 3l33t zero-day and reverse-shell that backend DB proxy server... or simply pay this farmer off

Self-driving car supremo Anthony Levandowski sentenced to 18 months in the clink for stealing trade secrets from Google's Waymo

Yes, you read that right, an American exec is actually going to serve time... eventually. When he chooses

Game over, man: Microsoft test engineer who laundered stolen Xbox credits into $10m guilty of fraud

Idiot faces up to 20 years in the clink after peddling digital tokens

Biting the hand that feeds IT © 1998–2020