Microsoft to patch zero-day bug Tuesday

Summary:The zero-day attack identified by FireEye as a vulnerability in Internet Explorer will, apparently by happy coincidence, be patched Tuesday as part of Microsoft's regular monthly updates.

Over the weekend, security company FireEye reported an unpatched vulnerability in Internet Explorer which was being used in a targeted zero-day attack against users of a particular web site.


Today, Microsoft announced that the vulnerability will be patched Tuesday in one of their already-scheduled updates. Microsoft says the vulnerability, which has been given the ID CVE-2013-3918, affects an Internet Explorer ActiveX control, but the update that will fix it, Bulletin 3 or MS13-090, is identified as an update to Windows.

Microsoft identifies mitigation techniques, but under the circumstances (highly-targeted attack, patched tomorrow) it's probably not worth resorting to them.

Topics: Security, Windows


Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.