Microsoft has released a fix for a critical ActiveX Control vulnerability in its Internet Explorer (IE) browser that was being targeted by an advanced watering hole attack.
Microsoft Trustworthy Computing (TwC) group manager of response communications Dustin Childs confirmed the fix in a post on the company's Security Response Center blog.
"The security update will be distributed to customers tomorrow [Tuesday 12 November] via Windows Update at approximately 10am PDT [6pm GMT]. Customers who have Automatic Updates enabled will not need to take any action to receive the update," read the post.
The IE vulnerability was discovered by security firm FireEye earlier in November. The vulnerability is known to have been targeted with an advanced watering hole attack. In a watering hole attack, hackers turn websites commonly visited by their intended victims into malware-distribution tools.
The attack is significant as it was able to load malware directly into a computer's memory without first writing it to the hard disk. This made it more difficult for companies using traditional techniques to check whether their systems had been compromised by the malware.
Childs called for businesses to take temporary protective measures while they wait for the full fix. These include setting the company's internet and local intranet security settings to high; configuring IE to send a prompt before running Active Scripting, or disabling Active Scripting completely; and deploying Microsoft's Enhanced Mitigation Experience Toolkit (EMET).
The IE vulnerability discovery comes during a reported boom in cyber attacks. Microsoft released a workaround fix for vulnerabilities in its Lync, Office and Windows Server products earlier in November, and it is now building a full patch.
The severity of the threat posed by hackers has led many companies to call for increased collaboration between security vendors. In October, Symantec pledged to create a centralised information-sharing big data hub to help customers spot targeted attacks.