Microsoft has released a temporary fix for a zero-day vulnerability in Internet Explorer 8, following the discovery of a malicious cyber espionage campaign targeting the flaw.
The firm has promised a more permanent fix will arrive soon.
Dustin Childs, Microsoft Trustworthy Computing Group manager, wrote: "We have updated Security Advisory 2847140 to include an easy, one-click Fix it to address the known attack vectors. The Fix it is available to all customers and helps prevent known attacks that leverage the vulnerability to execute code and should not affect your ability to browse the Web.
"The Fix it is an effort to help protect as many customers as possible, as quickly as possible. We continue to work on a security update to address this issue and we're closely monitoring the threat landscape."
The vulnerability was originally discovered by AlienVault on 1 May, when it detected an attack that was believed to come from China. The hackers attempted to hijack control of numerous websites and spread espionage-focused malware.
Qualys CTO Wolfgang Kandek praised Microsoft for its quick reaction to the bug, confirming that the company's initial tests show that the fix does work.
"Microsoft's Enhanced Mitigation Experience Toolkit (EMET) is a free toolkit that oversees the Windows processes and applies a number of mitigation techniques to detect attacks against memory corruption vulnerabilities. We ran EMET through its paces with the Metasploit module for CVE-2013-1347, and it indeed catches the exploit before it can install the RAT program," he said.
"Microsoft will no doubt address this flaw, either next week at Patch Tuesday or soon after, if their testing can't be finished in time. You should apply the patch for it as soon as possible, but the additional protection that EMET can bring against these rather frequent zero-days (MS13-008, MS13-021) is definitely worth evaluating."
Microsoft's quick reaction comes just after widespread warnings that the vulnerability would soon be targeted by criminal groups for financial gain. Most recently, security expert Brian Krebs cited the exploit's appearance on free penetration testing service Metasploit as proof that it is only a matter of time before it appears in automated exploit kits like Blackhole.