Zero-Day Internet Explorer Flaw Gets A Patch Tuesday Fix

Bang on schedule Microsoft started rolling out its Patch Tuesday security bulletins for the month yesterday, and according to the company, one of the most severe flaws has finally been fixed.

You may recall that this zero-day flaw in IE was recently made public, and there even have been a few reports of exposed unpatched systems coming under attack.

Sure a dedicated fix-it tool had already been released by Redmond, but a substantial number of users install their updates using the Windows Update option. Well, if you have been waiting for this, then you will be glad to find that this critical vulnerability is history now.

That is, if you download and deploy this update, of course!

The MS13-080 bulletin, appropriately rated Critical, fixes a total of eight privately reported vulnerabilities along with two publicly disclosed ones in Internet Explorer.

Microsoft explained the details in a special blog post:

“The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user.

Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”

This security update comes with a Critical rating for IE6, IE7, IE8, IE9 and IE10 on Windows standard, and a Moderate one for IE6, IE7, IE8, IE9 and IE10 on Windows Server.

Either way, make sure you install this one, even if Internet Explorer is not your primary browser. Since Microsoft’s flagship web browser comes as default, there may be some applications that depend on it. And as the saying goes in (computer) security, one can never be too safe.