Microsoft will issue an emergency update to patch a vulnerability in Internet Explorer (IE) in the next two weeks to fix a flaw criminals have been using for more than a month, researchers said Tuesday.
The company will move on the IE6, IE7 and IE8 bug before the next regularly-scheduled Patch Tuesday because of increasing attacks and proof that temporary workarounds can be circumvented.
Active attacks targeting a critical vulnerability in older versions of Microsoft's Internet Explorer browser have been carried out by an experienced gang of hackers. And over the past four years, the group has penetrated the defenses of Google and dozens of other companies using similar zero-day exploits.
A researcher has bypassed Microsoft's temporary fix for a zero-day Internet Explorer browser vulnerability that hackers have been exploiting for a month.
The exploit, developed by Peter Vreugdenhil of the vulnerability analysis company Exodus Intelligence, places pressure on Microsoft to release a permanent fix sooner rather than later. The software maker did not include a permanent patch in its advanced notification of seven security updates set for release next week.
Microsoft today released so-called "Fix It" software that will protect Windows users from a critical Internet Explorer hole being exploited in attacks until the company releases a cumulative update for IE on Friday.
Researchers believe a new zero-day vulnerability, affecting Internet Explorer (IE) 9 and earlier versions, was exploited by the Nitro cyber gang.
Microsoft has already released a security advisory to alert users of the bug, and said it would issue a temporary patch, which will be available within the next few days for download.
Microsoft said today it will issue a fix soon for a security flaw that affects users of Internet Explorer versions 6 through 9.
Uncovered this past weekend, the security hole could compromise the PCs of IE users who surf to a malicious Web site. The flaw is being actively exploited to deliver a back-door trojan known as "Poison Ivy."
Microsoft has urged Windows users on Monday to install a free piece of security software to protect PCs from a newly discovered bug in the Internet Explorer browser.
The security flaw, which researchers say could allow hackers to take remote control of an infected PC, affects Internet Explorer browsers used by hundreds of millions of consumers and workers. Microsoft said it will advise customers on its website to install the security software as an interim measure, buying it time to fix the bug and release a new, more secure version of Internet Explorer.
According to a blog post by security specialist Eric Romang, a security hole in Microsoft's Internet Explorer web browser is being used by cyber criminals to infect computers with malware. The vulnerability, which was apparently unknown and unpatched until now, seems to hinge on how IE handles <img> arrays in HTML files. So far, the attackers have only targeted versions 7 and 8 of IE on fully patched Windows XP SP3 systems; it is not yet certain whether the exploit can be used with other software combinations.
While looking around a compromised server that was being used to exploit Java vulnerabilities, a security researcher stumbled upon another exploit that he claims affects fully patched versions of Microsoft Internet Explorer 7 and 8.
Eric Romang found four files on the server: an executable, a Flash Player movie and two HTML files called exploit.html and protect.html
Microsoft has recently released its June 2012 security update and with it the company also released an advisory to warn customers of a serious zero-day exploit that affects Internet Explorer. While there isn’t a permanent patch for this issue, the Redmond company has made available a “Fix it” solution.
In order to exploit the flaw, an attacker has to host a website that contains a malicious webpage. The cybercriminal would have to social engineer the victim to convince him/her to visit the domain.
