Microsoft has proved the doubters wrong by pulling together a full patch for a zero-day vulnerability being used in attacks on Internet Explorer 8 users in time for its monthly update next week.
Patch Tuesday includes ten bulletins addressing 33 unique vulnerabilities, two of which are critical, including the one affecting Internet Explorer 8. That flaw was used in an attack involving a breach of the US government’s Department of Labor website.
Microsoft had already issued a one-click “Fix it” to give IT teams a way of ensuring IE8 exploits using the vulnerability won’t work, whilst a patch was in the works. The patch was confirmed in Microsoft’s advance notification advisory.
Many hadn’t expected the tech titan to deliver a full fix so quickly. “That’s record time turn around speed for Microsoft and will be sweet music to everyone’s ears,” said Andrew Storms, director of security operations at Tripwire.
The other critical bulletin fixes a critical remote code execution vulnerability discovered during the PWN2OWN competition at CanSecWest earlier this year, affecting IE8 and 9.
The remaining bulletins are rated as important, and include a spoofing issue affecting Windows, from XP through Windows RT and Windows 8. There is a trend towards more “important” updates, according to analysts.
“Microsoft is continuing to dig deeper into their code base to uncover lower level vulnerabilities,” added Paul Henry, Security and Forensic Analyst with Lumension.
“This is good news and I believe the trend toward higher numbers of important bulletins will continue given Microsoft’s apparent commitment to proactively discovering and patching security issues in their code.”
Cops, Villains and Victims: Try our IT Law quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…