It is not often you see Microsoft rushing outs emergency patches, considering the company has a pretty effective monthly Patch Tuesday update cycle going for its software fixes and firmware improvements.
But even though the technology titan released a hefty batch of patches on the second Tuesday of September as scheduled, it has just launched a new security update for Internet Explorer aiming to fix a flaw that is affecting all versions of the company’s flagship web browser.
And yes, Internet Explorer 11 on Windows 8.1 RTM is also in on the action.
Redmond notes in the security advisory that it has received reports of attacks aimed at Internet Explorer 8 and 9, but it is clear that this is a flaw that affects all version of Internet Explorer.
As is so very often the case, the exploit allows remote code execution — meaning an attacker can get access to an unpatched system just by directing user to a compromised website. This is the usual mode of operation of cybercriminals:
“This issue could allow remote code execution if an affected system browses to a website containing malicious content directed towards the specific browser type. This would typically occur when an attacker compromises the security of trusted websites regularly frequented, or convinces someone to click on a link in an email or instant message.”
The Fix It tool, just released by Microsoft, can be used on IE 6, 7, 8, 9, 10 and 11 on a number of versions of Windows like XP, Vista, 7, 8 and 8.1. Both the Preview and RTM, 32-bit and 64-bit flavors of the operating systems are in the mix.
In other words, the whole enchilada!
This company recommends users to set Internet and local Intranet security zone settings to High, so as to block ActiveX Controls and Active Scripting, in order to stay on the safe side. It also plans to release a full security patch that will be a more complete solution to this problem in the near future.
For now, however, take a look at the above link and download the handy little tool.