Microsoft rushes out Internet Explorer fix for zero-day flaw

Microsoft has confirmed it will provide an out-of-band security update this Friday to fix a zero-day vulnerability in its Internet Explorer browser that had prompted security experts to advise against using the tool.

Yunsun Wee, a director for Microsoft's Trustworthy Computing unit, said in a company blog, that it was releasing a one-click fix now and would follow up with a full IE update, available through its Windows Update feature on Friday.

“We recommend that you install this update as soon as it is available. If you have automatic updates enabled on our PC, you won’t need to take any action – it will automatically be updated on your machine,” she wrote.

Typically, Microsoft issues security patches on a monthly basis, as part of its Patch Tuesday programme.

But it has taken the unusual step of releasing this IE update after attacks based on the previously-unknown vulnerability were found in the wild.

The vulnerability was found in versions of IE 7 and IE 8 running on 32-bit Windows XP systems. Those behind the attack were targeting victims running such systems, and covertly installing malware.

The risk from such attacks was enough for the German IT security office to advise users to swap to alternative browsers.

Microsoft is to field customer questions on the security bulletins via a webcast on 21 September, at 12:00pm Pacific Time.

Those not wishing to wait until Friday for the patch can install the fix from Microsoft via its TechNet blogs.

For more insight into some of the major security issues affecting businesses make sure you sign up to the V3 Security Summit taking place on Tuesday 25 September which includes high-level speakers such as Mimecast chief scientist Nathaniel Borenstein and cryptographer Bruce Schneier