ID: IRCNE2013051838
Date: 2013-05-11
According to “ZDNet”, Microsoft has released a fix that patches a critical zero-day vulnerability that was being actively exploited in the wild.
Multiple security firms warned that Internet Explorer 8 was used to launch "watering hole" attacks at government workers at the U.S. Department of Labor and the U.S. Department of Energy. In a security advisory issued on Friday, Microsoft said it was "investigating" the reports and that it was "aware of [the] attacks." It confirmed the flaw as a "remote code execution vulnerability" that allows hackers to inject malware into a webpage or a user's computer.
All Windows versions running IE8 were at risk, including Windows Server 2003, 2008 and R2 versions, though IE6, IE7, IE9 and IE10 were not.
Today's security patch comes in form of a "Fix It" response — a small one-click application that patches systems in one go — but users are warned to install the April cumulative security update first.
Microsoft explained: "At the moment, we are aware of a limited number of attacks in the wild and they target IE8 on Windows XP only."
Microsoft's Dustin Childs said in an emailed statement: "Customers should apply the Fix it or follow the workarounds listed in the advisory to help protect against the known attacks while we continue working on a security update.
Related Topics:
Microsoft admits zero-day bug in IE8, pledges patch
- 4