Microsoft Issues Fix For IE Zero-Day Bug

Microsoft has issued an emergency patch update in order to fix a zero-day bug affecting Internet Explorer, which has been exploited by hackers targetting IE 6 and 7 users.

The update was initially going to be issued as part of April’s Patch Tuesday release and actually includes fixes for a total of 10 IE vulnerabilities. Only the zero-day, however, has been reported as under attack.

Microsoft first warned of the vulnerability, which is caused by an invalid pointer reference, during this month’s Patch Tuesday. Though the bug does not affect Internet Explorer 8, attackers were able to exploit the situation on IE 6 and IE 7 to run arbitrary code. According to Microsoft, if Internet Explorer attempts to access an object that has either not been initialized or has been deleted, it can corrupt memory and leave the user open to remote code execution by an attacker.

“If administrators used any of the workarounds suggested in the security advisory (KB981374) that prompted this out-of-band release, it is important for them to un-apply the workarounds,” Jason Miller, data and security team manager at Shavlik Technologies, said in a statement. “This will restore functionality that was lost due to the temporary fix.”

Of the remaining vulnerabilities, only three affected IE 8. However two of those – an uninitialized memory corruption issue (CVE-2010-0490) and an HTML object memory corruption vulnerability (CVE-2010-0492) – are rated “critical.”

“With any zero-day exploit that is being actively targeted, it is critical for administrators to patch their systems as soon as possible,” Miller said. “Some patch maintenance cycles are scheduled over weekends to accommodate the known downtime. While many are planning for a long holiday weekend, administrators should not wait to patch this until next week as we know that hackers won’t be taking the weekend off.”

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

11 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

13 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

15 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

15 hours ago