Microsoft to issue out-of-cycle patch for 0-day IE exploit
September 19, 2012
This is an urgent update to a vulnerability alert I published two days ago, on Sept 17, 2012.
Bowing to pressure from concerned organizations around the World, Microsoft has just released a temporary "Fix It Tool" to block the primary attack vector used in the newest zero day attacks targeting Internet Explorer users. This Fix It Tool was released only a few days after the initial publication of the details of the exploit code, on the Metasploit website.
The Fix It Tool is designed to "Prevent Memory Corruption via ExecCommand in Internet Explorer." The details about the vulnerability can be found on this page.
If you use Internet Explorer versions 6, 7, 8, or 9, you are vulnerable. Go to the Microsoft Fix It Tool page and download "Microsoft Fix it 50939" to enable your protection. There is also a second tool to disable the protection: "Microsoft Fix it 50938."
Furthermore, Microsoft has announced that they are preparing to release a comprehensive official patch for Internet Explorer, for all affected and still supported Windows platforms. The official patch is scheduled for release on Friday, September 21, 2012. If you set your Automatic Windows Updates option to automatically check for and download important updates, you should receive the official patch sometime on Friday, this week.
If you like this article please share it.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.