Microsoft to ship emergency IE patch to thwart active attacks

Summary: Redmond will release a critical out-of-band Internet Explorer update to help stop targeted attacks in the wild.

Microsoft has announced plans to ship a critical out-of-band Internet Explorer update tomorrow (Friday, September 21) with fixes for a dangerous browser vulnerability.

The emergency fix comes a week after news emerged that a zero-day flaw in the browser was being exploited in targeted attacks.

The vulnerability affects all versions of the browser up to Internet Explorer 9. The newest version, IE 10, is not affected by this issue.

The raw details:

"A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website."

Microsoft insists the in-the-wild attacks only affect "a small number" of Windows users but warned that there is a legitimate risk of these attacks expanding beyond specific targets.

The company has also released a Fix it tool that provides a temporary fix for users worried about the attacks. The Fix it is described as "an easy, one-click solution that will help protect your computer right away. It will not affect your ability to browse the web, and it does not require a reboot of your computer."

Topics: Security

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
