Out-of-cycle fixit for new zero-day IE threat

Susan Bradley

When Microsoft issues a security fix outside of its usual Patch Tuesday cycle, it’s always for a good reason.

This past Tuesday, Microsoft released Security Advisory 2887505, which reported a newly revealed vulnerability in all supported versions of Internet Explorer.

At this time, there’s no patch for this latest threat to IE, but there is an MS fixit.

We should take this notice seriously. Microsoft reports there are already a small number of attacks targeting IE 8 and 9 on Windows XP and Windows 7 systems. At this time, there are no reports of attacks against IE 10.

Bottom line: Be careful about what links you click while surfing the Web with Internet Explorer (or any other browser, for that matter). Website admins should test their sites with the fixit installed in IE. And if you use the fixit, be sure to download the companion undo fixit and save it on your computer. You’ll probably need to run the undo when the formal patch is released (date unknown).

-
What to do: Until there’s an official update for this vulnerability, use an alternative browser or download the fixit posted in MS Security Research & Defense blog CVE-2013-3898. Advanced users might also consider downloading and configuring Microsoft’s Enhanced Mitigation Experience Toolkit, which I discussed in the June 6 On Security column.



Subscribe to our Windows Secrets Newsletter - It's Free!

Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!

Windows 8 Hacks: Tips & Tools for Unlocking the Power of Tablets and Desktops

Subscribe and get our monthly bonuses - free!

Want to hack the new Start screen and tiles for your Win8 Device, the new Lock screen, the new tile-based apps, or the automatic notification information? Yes, you can do that. How about running other operating systems inside Windows 8, running Windows 8 on a Mac, or hacking SkyDrive and social media? We'll show you how to do that as well. Get this excerpt and other 5 bonuses if you subscribe now!

= Paid content

All Windows Secrets articles posted on 2013-09-19:

Susan Bradley

About Susan Bradley

Susan Bradley is a Small Business Server and Security MVP, a title awarded by Microsoft to independent experts who do not work for the company. She's also a partner in a California CPA firm.