Microsoft to patch IE zero-day flaw today

From CNET News.com: Microsoft will fix a zero-day hole in IE today, almost a week after this month's regular Patch Tuesday updates.

Discovered late last month, the vulnerability could allow attackers to gain control of a Windows computer running one of the older versions of IE by directing users to malicious Web sites. In response, Microsoft had suggested several workarounds and even offered a "one-click fix" designed to mitigate the problem, but those were considered temporary solutions.

Today's update will fully resolve the issue, according to Microsoft. Scheduled for rollout at 10 a.m. PT, the fix will be available as a critical update, meaning it will automatically be applied to any Windows computers with Automatic Updates turned on. Otherwise, users will need to install the update manually through Windows Update.

Security professionals were wondering when Microsoft would resolve this flaw, since the company did not address the problem in last week's Patch Tuesday rollout. But a fix for the bug was already in the works.

Dustin Childs, group manager of Microsoft Trustworthy Computing, told CNET on January 4 that the company was actively working on a security update for the zero-day issue.

Internet Explorer 9 and 10 are immune to this particular flaw, so users of older versions of the browser will need to install the update.
