Out-of-cycle fixit for new zero-day IE threat

Susan Bradley

When Microsoft issues a security fix outside of its usual Patch Tuesday cycle, it’s always for a good reason.

This past Tuesday, Microsoft released Security Advisory 2887505, which reported a newly revealed vulnerability in all supported versions of Internet Explorer.

At this time, there’s no patch for this latest threat to IE, but there is an MS fixit.

We should take this notice seriously. Microsoft reports there are already a small number of attacks targeting IE 8 and 9 on Windows XP and Windows 7 systems. At this time, there are no reports of attacks against IE 10.

Bottom line: Be careful about what links you click while surfing the Web with Internet Explorer (or any other browser, for that matter). Website admins should test their sites with the fixit installed in IE. And if you use the fixit, be sure to download the companion undo fixit and save it on your computer. You’ll probably need to run the undo when the formal patch is released (date unknown).

What to do: Until there’s an official update for this vulnerability, use an alternative browser or download the fixit posted in MS Security Research & Defense blog CVE-2013-3898. Advanced users might also consider downloading and configuring Microsoft’s Enhanced Mitigation Experience Toolkit, which I discussed in the June 6 On Security column.

Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 10, Windows 8, Windows 7, Firefox, Internet Explorer, Google, etc. Join our 460,000 subscribers!

Enter your email above to receive messages about offerings by Penton, its brands, affiliates and/or third-party partners, consistent with Penton's Privacy Policy.
The Windows 7, Vol 3 (Excerpt)

Subscribe and get our monthly bonuses - free!

The Windows 7 Guide, Volume 3: Advanced maintenance and troubleshooting provides advanced tools for keeping Microsoft's premier operating system up and running smoothly. Get this excerpt and other 4 bonuses if you subscribe FREE now!

= Paid content

All Windows Secrets articles posted on 2013-09-19:

Susan Bradley

About Susan Bradley

Susan Bradley is a Small Business Server and Security MVP, a title awarded by Microsoft to independent experts who do not work for the company. She's also a partner in a California CPA firm.