You are here

HomeBrandon Dimmel › Microsoft Releases Temp Fix for Critical IE Flaw

Microsoft Releases Temp Fix for Critical IE Flaw

Dennis Faas's picture
by Brandon Dimmel on March, 15 2010 at 08:03AM EDT

It appears Microsoft won't wait until April's Patch Tuesday to release a fix for a recently revealed zero-day vulnerability found in the company's popular web browser, Internet Explorer. The company is, according to reports, working furiously to get the patch out soon, but hasn't guaranteed it will arrive here before next month.

Releasing emergency patches is rare for Microsoft. However, if the situation warrants fast action the company has demonstrated in the past that it will jump days or even weeks ahead of its monthly Patch Tuesday releases. In this case, Microsoft's March Patch Tuesday came with just a few fixes but a heavy warning from Microsoft about an Internet Explorer 6 and 7 flaw that could allow for remote code execution by hackers.

Vulnerability Already Exploited

As of Wednesday, an Israeli security researcher pinpointed a site that had been using the problematic code for "drive-by" attacks, which can infect computers by simply visiting a malicious web site. The researcher then published a public exploit, bringing the threat's seriousness to a new and much higher level. (Source: computerworld.com)

Security experts took last Tuesday's warning as a sign that Microsoft might release a fix out of its monthly schedule, and that appears to be the case. "We have seen speculation that Microsoft might release an update for this issue out-of-band," noted Microsoft Security Response Center senior manager Jerry Bryant. "I can tell you that we are working hard to produce an update which is now in testing."

Patch Distribution Not Guaranteed

Still, the testing period could take a while. As such, Bryant refused to state whether the patch would make it out ahead of the April 13 Patch Tuesday. All Bryant would say on the subject is: "We never rule out the possibility of an out-of-band update. When the update is ready for broad distribution, we will make that decision based on customer needs." (Source: afterdawn.com)

In the meantime, Microsoft has released a "Fix It" tool designed to disable the problem component in the "iepeers.dll" file causing much of the trouble. The update will help keep PCs running Windows XP and Windows Server 2003 protected while that testing takes place.

http://support.microsoft.com/kb/981374

Filed under:
Security
| Tags:
patch tuesday
,
microsoft
,
update
Rate this article: 
No votes yet
Need Help? Ask!



My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).

We are BBB Accredited

We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.