Emergency Zero-Day Internet Explorer Security Fix Released

Microsoft released an out-of-band update for all supported versions of Internet Explorer today after active attacks exploiting the hole were seen in the wild.

According to Microsoft, bulletin MS15-093 is rated "critical" for all versions of the company's Web browser on all Windows OS versions, and rated "important" on all supported Windows Server versions.

The bulletin takes care of one memory corruption issue that could lead to a remote code execution (RCE) attack. Microsoft said that the vulnerability could be used to run arbitrary code on a targeted system if an attacker "hosts a specially crafted website that is designed to exploit this vulnerability through Internet Explorer, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit this vulnerability."

Today's fix modifies the way that Internet Explorer handles objects in memory to close the security hole. It is recommended that this bulletin be applied as soon as possible. Microsoft rarely releases out-of-band patches, and the urgent nature could suggest that more attacks may be on their way, said Qualys CTO Wolfgang Kandek.

"Now that the vulnerability is disclosed we expect the attack code to spread widely and get integrated into exploit kits and attack frameworks," said Kandek in an e-mailed comment. "Patch as quickly as possible."

Those running Windows 10 or earlier OS versions with automatic updates will have the fix pushed through to them. For those who prefer to download and apply it themselves, the patch can be found on the bulletin summary page.

Today's security update comes just one week after Microsoft released its scheduled August patch, which included a cumulative update for all versions of Internet Explorer. It's unclear why Microsoft didn't include today's update with last week's rollout.

Microsoft acknowledged security researcher Clement Lecigne at Google for the discovery and disclosure of the memory corruption flaw.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
