Microsoft offers 'fix-it' workaround for IE zero-day

Summary:Microsoft has released a one-click "fix-it" workaround to help Web surfers block malware attacks against an unpatched Internet Explorer vulnerability.

Microsoft has released a one-click "fix-it" workaround to help Web surfers block malware attacks against an unpatched vulnerability in its flagship Internet Explorer browser.

The workaround ffectively disables peer factory in the iepeers.dll binary in affected versions of Internet Explorer.

The workaround, available here, comes on the heels of the public release of exploit code into the freely available Metasploit pen-testing framework.

follow Ryan Naraine on twitter

Microsoft confirmed the availability of exploit code for the issue and again urged users to upgrade to Internet Explorer 8, which is not vulnerable to this issue.

The company urged IE users to test the Fix-It workaround thoroughly before deploying as certain functionality that depends on the peer factory class, such as printing from Internet Explorer and the use of web folders, may be affected.

[ SEE: IE zero-day flaw leaks out; Exploit code published ]

Microsoft also confirmed it is considering an out-of-band emergency patch to correct the underlying flaw.

We have seen speculation that Microsoft might release an update for this issue out-of-band. I can tell you that we are working hard to produce an update which is now in testing. This is a critical and time intensive step of the process as the update must be tested against all affected versions of Internet Explorer on all supported versions of Windows. Additionally, each supported language version needs to be tested as well as testing against thousands of third party applications. We never rule out the possibility of an out-of-band update. When the update is ready for broad distribution, we will make that decision based on customer needs.

Malicious hackers are already exploiting the vulnerability to launch targeted attacks.  The earliest attacks include the use of a backdoor that allows complete access to a vulnerable machine.

The backdoor allows an attacker to perform various functions on the compromised system, including uploading & downloading files, executing files, and terminating running processes.

ALSO READ:

Topics: Browser, Microsoft, Security

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.