Microsoft Issues Stopgap Fix for IE 0-Day Flaw

Microsoft today released a stopgap fix for a critical security flaw in most versions of Internet Explorer that hackers have been exploiting to break into Windows systems. The company said it expects to issue an official patch (MS12-063) for the vulnerability on Friday, Sept. 21.

The company released a “fix it” tool, designed to blunt the threat of attack on this flaw for users of IE 7, 8 and 9. In a blog post, Microsoft’s Yunsun Wee said the one-click solution should not affect users’ ability to browse the Web, and it does not require the reboot of your computer. Users should not need to uninstall the fix to apply the full security patch when Microsoft releases it.

I’m glad to see Microsoft take this step. The company keeps downplaying the threat, stating that “there have been an extremely limited number of attacks,” against this flaw and that “the vast majority of Internet Explorer users have not been impacted.” Nevertheless, as I noted in previous stories this week, a reliable exploit for this vulnerability has already been rolled into free, easy-to-use attack tools, so IE users should not delay in applying this fix-it tool.


Original article at krebsonsecurity