Microsoft to release emergency Internet Explorer patch on Monday
- 14 January, 2013 03:48
Microsoft will release a patch on Monday for older versions of its Internet Explorer browser, deviating from its normal repair schedule due to the seriousness of the problem.
The vulnerability, which is present in IE 6, 7 and 8, is a memory corruption issue. It can be exploited by an attacker via a drive-by download, a term for loading a website with attack code that delivers malware to a victim's computer if the person merely visits the website.
Microsoft released a quick fix for the issue earlier this month, but did not have a more permanent patch ready when it released its monthly batch of patches last Tuesday. The company will occasionally release an emergency patch if the software vulnerability is considered a high risk.
"While we have still seen only a limited number of customers affected by the issue, the potential exists that more customers could be affected in the future," wrote Dustin Childs, group manager for the company's Trustworthy Computing Group, on a company blog on Sunday.
The patch, which will be released at 10 AM PST, will be distributed through Windows Update. Childs wrote users will not have to uninstall the quick fix before applying the patch, which will be installed automatically for those who have automatic updates enabled.
Security vendor Symantec credited a group called Elderwood as finding the IE vulnerability due to similarities in the attack code that uses the vulnerability with other attack code.
The Elderwood group has discovered as many as nine other vulnerabilities since 2009 and appears to favor targeting defense contractors, human rights groups, non-governmental organizations and IT service providers, according to a Symantec report issued in September.
Send news tips and comments to email@example.com. Follow me on Twitter: @jeremy_kirk
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- OAIC releases privacy impact assessment guide for consultation
- Some Australian businesses 'unlikely' to be ready for Privacy Act changes: survey
- BYOA 'shadow IT' grows in the enterprise: Telsyte
- Cost of a Privacy Act breach could extend to ongoing audits: legal expert
- How Hunter Water is saving $50k a year in software licences
Trust issue looms large for tech companies capitalizing on personal data
5 women who've made it in IT
Five trends affecting legal CIOs
CIO Roundtable: The changing face of security
Bitcoin malware count soars as cryptocurrency value climbs
Case Study: Columbia Sportswear
With the agility and intelligence provided by their management tools, Columbia sportswear is transforming IT to be much more service oriented in fulfilling business requests and delivering resources as needed. It’s allowing IT to “never say no” with an infrastructure that can handle nearly any project that comes through the door.
Cloud-Based Mobile Device Security Streamlines Data Protection
Read this white paper to learn why cloud-based security offers superior protection that meets today’s requirements for identifying and preventing access to malicious sites and applications while reducing management complexity and IT staff time and effort. This whitepaper discusses: • Increased use of mobile devices and the associated risks • Ways to address security challenges • Benefits of cloud-based anti-malware solutions
Convergence with Vblock Systems: A Value Measurement - IDC In-depth assessment
IT infrastructure is the backbone of today's modern business. It enables rapid expansion into new, fast-growing markets. It is at the core of new customer services offerings such as mobile commerce. It is the key to successfully exploiting an explosion in data and data analytics within business processes.