The latest from Redmond on the pressing matters of computing security is that the company has just announced that it would patch the recently discovered Internet Explorer flaw later today.
The 0-day flaw was made public just recently, and there were some doubts that the software titan may skip this particular vulnerability on Patch Tuesday, owning to the fact of not having enough time to prepare and test an update.
This new flaw actually affects the ActiveX Control on Internet Explorer, making user computers open to attack. Microsoft will take care of this as part of Bulletin 3, which is set to be released as MS13-090.
Below is what Redmond had to say on this:
“As a best practice, we always encourage customers to follow the “Protect Your Computer” guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. We also encourage customers to exercise caution when visiting websites and avoid clicking suspicious links or opening email messages from unfamiliar senders.”
As usual, customers that have Automatic Updates enabled will not have to take any action to receive this new update, and it will be deploy by itself without any interaction necessary.
This flaw was discovered by security firm FireEye Labs, and two vulnerabilities were identified, both of which grant an attacker the same rights as the logged in user.