Feeds

Microsoft issues emergency IE bug patch

Zero-day flaw exploited by hackers takes six to fix

Internet Security Threat Report 2014

Microsoft has released a 26.9MB patch which fixes five vulnerabilities, including the zero day flaw that is cracking Windows systems via the most common versions of Internet Explorer.

The MS12-063 update provides a fix for the flaw, which is in use by hackers against some companies. The patch also has four more flaw-fixes, which have not been spotted in the wild, according to Redmond.

"The majority of customers have automatic updates enabled and will not need to take any action because protections will be downloaded and installed automatically. For those manually updating, we encourage you to apply this update as quickly as possible," said Yunsun Wee, director of Microsoft Trustworthy Computing in a blog post.

The flaw was rated as critical or moderate risk, depending on which browser and operating system you are running, but would allow full remote code execution on systems running IE 7,8 and 9 running Adobe Flash on fully-patched Windows XP, Vista and 7 machines, using malware embedded in a web page.

It was discovered by security researcher Eric Romang on an Italian hacking tools site, but there have been reports that it has been used to distribute the Poison Ivy Trojan by the same group that exploited the Java zero-day flaw found in the last month.

So far the automatic update service appears to be running a little slow, at least in El Reg offices, but a manual search picks up the patch. As well as being a fairly hefty download size, the fix also requires a total restart (Linux users can look smug now.)

Microsoft will hold an hour-long webcast to discuss the flaw and its implications at 1200 PT (2000 UT) on Friday. ®

Remote control for virtualized desktops

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
State Dept shuts off unclassified email after hack. Classified mail? That's CLASSIFIED
Classified systems 'not affected' - but, is this reconnaissance?
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.