Microsoft to Release Emergency Patch Later Today

After weeks of speculation, Microsoft has confirmed that it will release an emergency patch fix for a critical zero-day flaw in its Internet Explorer web browser. The patch, which applies to attacks targeting Internet Explorer (IE) 6 and IE7, will be released later today.

Emergency patches are relatively rare for Microsoft, which typically only releases its fixes on the second Tuesday of every month. However, the March Patch Tuesday was a light affair, owing to the fact that the zero-day issue being addressed today had only recently been revealed.

Windows XP and Vista Users Vulnerable

It's been three weeks since Microsoft first warned of the threat by releasing Security Advisory 981374.

The issue surrounds the possibility that users of Internet Explorer 6 or 7 could find themselves vulnerable to remote code execution if they're to visit a malicious web site. Users who have made the upgrade to Internet Explorer 8 or the new operating system Windows 7 are not being targeted by the attack.

Security Expert: IE Attacks On the Rise

Wolfgang Kandek, chief technology officer at security firm Qualys, believes the emergency patch release is an indication that this threat is very serious.

"Microsoft's decision to accelerate the release rather than waiting until next Patch Tuesday on April 13th is an indication that attacks against the 'iepeers' vulnerability are on the rise," Kandek noted in a recent blog post. (Source: cnet.com)

His advice? Upgrade, or patch, immediately. "If you are still using [Internet Explorer] IE6 or IE7, patch immediately. But even if you are on IE8 you should patch as quickly as possible, as attackers will start reverse engineering the flaws addressed and preparing corresponding exploits within the week."

Microsoft had released a temporary "Fix It" solution by demonstrating how a user could prevent a remote code execution via a safe registry modification; however, increasing reports of attacks in the wild prompted the software company to release a patch weeks ahead of its next scheduled Patch Tuesday. (Source: pcmag.com)