Microsoft scrambles on IE zero-day; Can move when it wants to
Microsoft is planning an out-of-band patch for Internet Explorer browser Wednesday as malware attacks escalate.
Microsoft is planning to ship an emergency Internet Explorer update tomorrow (December 17) to counter an escalating wave of malware attacks targeting a zero-day browser vulnerability.
The out-of-band update follows the public discovery of password-stealing Trojans exploiting the bug on Chinese-language Web sites. Over the past week, the attacks have expanded with hackers using SQL injection techniques to seed exploits on legitimate Web sites.
Ryan also notes that this is the second out-of-band patch in the last two months. The good news: Microsoft can move on critical patches when it wants to and can be nimble. The bad news: Microsoft is moving on the IE patch because the attacks are escalating. Make sure you patch IE tomorrow.