ID: IRCNE2013011716
Date: 2013-01-05
According to "cnet", Microsoft's regular Patch Tuesday rolls around next week. But one flaw that won't be fixed in the mix is the latest zero-day exploit in Internet Explorer.
Last Saturday, Microsoft warned about the zero-day flaw in IE 6, 7, and 8 that could allow attackers to gain control of Windows computers to host malicious Web sites. In its advisory, the company noted that IE 9 and 10 are unaffected by the vulnerability and suggested a variety of workarounds to those running the older browser versions.
On Monday, the company issued a temporary fix that prevents the flaw from being exploited without forcing users to tweak their browser settings.
"We are actively working on a security update for the issue described by Security Advisory 2794220," Dustin Childs, group manager of Microsoft Trustworthy Computing, said in a statement sent to CNET today.
"At this time, we've seen only a limited number of affected customers," he added. "We take customer protection very seriously and until a security update is released, we encourage people to apply the one-click Fix it solution offered with Security Advisory 2794220 to help ensure protection. Additionally, customers should ensure their anti-malware solution is up-to-date and follow good network hygiene practices, such as enabling a firewall, for added protection against threats."
Among the seven patches due out next week, two are deemed critical, meaning they could allow an attacker to remotely run malware on a vulnerable PC if the user opens a malicious Web page or e-mail. Critical patches are automatically applied as long as Windows updates are set to automatically install.
The two critical patches affect Windows, Office, Microsoft Developer Tools, and Microsoft Server software.
Related Link:
Microsoft confirms zero-day bug in IE6, IE7 and IE8
Microsoft issues fix for IE flaw that could allow PC hijack
- 2