Microsoft breaks patch cycle for surprise IE fix
By Stuart Turton
Posted on 30 Mar 2010 at 08:17
A zero-day vulnerability in Internet Explorer has forced Microsoft to issue an out-of-cycle patch for the second time in three months.
The patch will plug a vulnerability that has been used to to launch drive-by attacks on people running Internet Explorer 6 and 7 for the last few weeks. The vulnerability requires users to visit a malicious website, at which point malware is automatically downloaded to their computer.
"We have been monitoring this issue and have determined an out-of-band release is needed to protect customers," said Microsoft in an advisory.
We have been monitoring this issue and have determined an out-of-band release is needed to protect customers
"Internet Explorer 8 is unaffected by the vulnerability addressed in the advisory and we continue to encourage all customers to upgrade to this version to benefit from the improved security protection it offers."
Windows 7 users are also unaffected by the vulnerability.
The out-of-cycle update follows an emergency patch for Internet Explorer in late January, which addressed eight vulnerabilities in the browser, including one that was used to attack the networks of Google and Adobe.
As with that update, the latest patch also brings a host of fixes addressing flaws in every version of Internet Explorer.
"The out-of-band security bulletin is a cumulative security update for Internet Explorer and will also contain fixes for privately reported vulnerabilities rated Critical on all versions of Internet Explorer that are not related to this attack," said Microsoft.
From around the web
I use firefox
Always better to use firefox
By georgeUS on 30 Mar 2010 
@georgeUS
Firefox also has security vulnerabilities that get fixed on a regular basis just like Internet Explorer.
Let people use whatever browser they wish so long as they keep it up to date.
By Jimbo762 on 30 Mar 2010
I use Safari. Or Firefox.
Mac
By SwissMac on 30 Mar 2010
You can't get away from IE8
My unaffected Windows 7 with unaffected IE8 still needed an out of band cumulative update yesterday but then because of demand on their servers a 17Mb patch took the best part of 3 hours to transfer to my PC via windows update. I use firefox as main browser but you still have to download these updates regardless because of IE8's OS integration.
By mr_chips on 31 Mar 2010
advertisement
- Laptop bag reviews: nine tested
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
- Why you have to be left in the dark on OS patches
- Publishing your email address isn't a security disaster
- Why antivirus is fighting a losing battle in your office
- Four year olds used to steal their parents' data
- An acceptable use policy for your kids
- Paying for your crimes with Bitcoin
- Pavement hacking: What it is and how to avoid it
- Google's risky pre-loaded pages
- Mac under attack: how secure is Apple's OS?
- Has your browser been hijacked?
advertisement
