Microsoft To Release Out-of-Band Fix for IE Flaw
Microsoft is readying what it calls a "Fix it" for the Internet Explorer zero-day flaw that surfaced earlier this week.
Planned to be released at 10 a.m. Pacific Time on Friday, the security update will impact Internet Explorer 9 and earlier versions of Microsoft's Web browser (the preview version of Internet Explorer 10 is not susceptible to the vulnerability).
Microsoft said that it is releasing an out-of-band patch due to the fact that the flaw is being actively exploited in the wild.
"There have been an extremely limited number of attacks -- the vast majority of Internet Explorer users have not been impacted," said Yunsun Wee, director with Microsoft's Trustworthy Computing Group. "We are working on an easy-to-use, one-click fix that will be released in the next few days, but in the meantime we recommend customers make sure their antivirus software is up-to-date."
Microsoft typically only releases a fix outside its monthly security update if there is a high threat of attack and it's been almost nine months since the last release. The last out-of-band security update came on Dec. 29, 2011.
Microsoft advises that Internet Explorer users update as soon as the Fix it is available. It will also be hosting a live webcast at 12 p.m. PST on Friday to answer any questions and to provide more information on the update.