Microsoft Developing Patch for IE Zero-Day Flaw

Microsoft’s most recent Patch Tuesday brought some unwelcome news when security researchers quickly found a practical way to exploit a zero-day flaw in the Internet Explorer browser. Now, Microsoft says it has a temporary workaround, and that a permanent patch will be forthcoming.

eSecurity Planet has the story on Microsoft’s plans to secure Internet Explorer against the zero-day exploit, which the company suggested could come ahead of the next Patch Tuesday cycle.

With the publication of an exploit that takes advantage of a newly found Internet Explorer (IE) zero-day flaw, Microsoft’s security mavens say they are working on a patch.

In the meantime, they have created an automated Microsoft (NASDAQ: MSFT) “Fix It” script that can reconfigure some users’ systems to avoid the vulnerability. Along with other workarounds offered by the company, the move could help protect many customers — but not all who are currently at risk.

As part of last week’s Patch Tuesday bug fix release, Microsoft issued a Security Advisory warning users and administrators of a security hole in IE6 and IE7 that is already being used in active — though, so far, limited — attacks in the wild.

On Thursday, the threat escalated when a security researcher, who goes by the screen name Trancer, released a Metasploit module that implements the attack code for easy reuse by other hackers, based on hints he found on the Web.

Read the full story at eSecurity Planet:

Microsoft Offers IE Exploit Workaround, Promises Patch

News Around the Web