Krebs on Security

In-depth security news and investigation

Brian Krebs

  • 14
    Jan 13

    Microsoft Issues Fix for Zero-Day IE Flaw

    Microsoft today deviated from its usual monthly patch cycle in issuing an emergency security update to fix a critical security hole in its Internet Explorer Web browser that attackers have been exploiting to break into Windows PCs.

    The update, MS13-008, addresses a single vulnerability in IE versions 6 through 8, and is available through Windows Update. The patch comes a little more than two weeks after security firms began seeing evidence that hackers were leveraging the vulnerability in targeted attacks. Microsoft maintains that it has seen only a limited number of attacks against the flaw, but acknowledged in a blog post that “the potential exists that more customers could be affected.”

    Prior to today, Microsoft released a stopgap Fix It tool to help blunt attacks against the IE flaw. According to Microsoft, “if you previously applied the Fix it offered through the advisory, you do not need to uninstall it before applying the security update released today. However, the Fix it is no longer needed after the security update is installed, so we are recommending that you uninstall it after you have applied the update to your system.” Users who applied the Fix It solution can uninstall it by clicking the Fix It icon under the words “Disable MSHTML shim workaround” at this page.

    Tags: CVE-2012-4792, Fix it, FixIt, IE 0day, IE zero day, internet explorer, microsoft, MS13-008

    This entry was posted on Monday, January 14th, 2013 at 2:08 pm and is filed under Time to Patch.

    5 comments

    1. JimV
      January 14, 2013 at 3:08 pm

      If you previously applied the FixIt workaround to temporarily gain protection from this exploit and will now need to remove it per the MS advisory, that FixIt tool isn’t immediately available from the link Brian provided but both can be accessed at the following:

      http://support.microsoft.com/kb/2799329

      • BrianKrebs
        January 14, 2013 at 3:42 pm

        Thanks, Jim. I meant to put that in earlier. Will update it with that link now.

    2. Debbie Kearns
      January 14, 2013 at 3:28 pm

      Thanks for the heads-up. I already installed the patch, so I’m all set! :)

    3. A
      January 16, 2013 at 3:45 am

      Windows Update refuses to tell me about this one for some reason.

      • A
        January 16, 2013 at 3:49 am

        Whoops, that’s because I have IE 9.