Microsoft has issued an emergency patch update in order to fix a zero-day bug affecting Internet Explorer, which has been exploited by hackers targetting IE 6 and 7 users.
The update was initially going to be issued as part of April’s Patch Tuesday release and actually includes fixes for a total of 10 IE vulnerabilities. Only the zero-day, however, has been reported as under attack.
“If administrators used any of the workarounds suggested in the security advisory (KB981374) that prompted this out-of-band release, it is important for them to un-apply the workarounds,” Jason Miller, data and security team manager at Shavlik Technologies, said in a statement. “This will restore functionality that was lost due to the temporary fix.”
Of the remaining vulnerabilities, only three affected IE 8. However two of those – an uninitialized memory corruption issue (CVE-2010-0490) and an HTML object memory corruption vulnerability (CVE-2010-0492) – are rated “critical.”
“With any zero-day exploit that is being actively targeted, it is critical for administrators to patch their systems as soon as possible,” Miller said. “Some patch maintenance cycles are scheduled over weekends to accommodate the known downtime. While many are planning for a long holiday weekend, administrators should not wait to patch this until next week as we know that hackers won’t be taking the weekend off.”
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…