Microsoft Releases Out-of-Band Patch For IE Vulnerability

Released as an MSI package, the patch is described as a workaround that uses the Windows Application Compatibility Toolkit to make a small change to MSHTML.DLL in memory every time the DLL is loaded by Internet Explorer. Microsoft previously recommended that IE users take this step manually; the patch automates the task. Microsoft provides an installation guide for the workaround as well as instructions for uninstalling the patch.

The company confirmed that there are existing attacks exploiting the vulnerability. However, Microsoft said that "only 32-bit versions of Internet Explorer" are targeted and that attacks "rely on third-party browser plugins to either perform efficient heap-spray in memory and/or to bypass the built-in mitigations of Windows Vista and 7 such as DEP and ASLR." Users can further reduce the risk of a successful attack by updating their Java version from Java 6 to 7.

Wolfgang Gruener
Contributor