Out-of-cycle fixit for new zero-day IE threat

Susan Bradley

When Microsoft issues a security fix outside of its usual Patch Tuesday cycle, it’s always for a good reason.

This past Tuesday, Microsoft released Security Advisory 2887505, which reported a newly revealed vulnerability in all supported versions of Internet Explorer.

At this time, there’s no patch for this latest threat to IE, but there is an MS fixit.

We should take this notice seriously. Microsoft reports there are already a small number of attacks targeting IE 8 and 9 on Windows XP and Windows 7 systems. At this time, there are no reports of attacks against IE 10.

Bottom line: Be careful about what links you click while surfing the Web with Internet Explorer (or any other browser, for that matter). Website admins should test their sites with the fixit installed in IE. And if you use the fixit, be sure to download the companion undo fixit and save it on your computer. You’ll probably need to run the undo when the formal patch is released (date unknown).

-
What to do: Until there’s an official update for this vulnerability, use an alternative browser or download the fixit posted in MS Security Research & Defense blog CVE-2013-3898. Advanced users might also consider downloading and configuring Microsoft’s Enhanced Mitigation Experience Toolkit, which I discussed in the June 6 On Security column.



Subscribe to our Windows Secrets Newsletter - It's Free!

Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!

PC Drive Maintenance (Excerpt)

Subscribe and get our monthly bonuses - free!

Your hard drives store photos, books, music and film libraries, letters, financial documents and so on. This ebook is aimed at helping you understand your hard drives, expand their capacities and length of life, and recover what you can from them when they fail. We're offering you a FREE Excerpt! Get this excerpt and other 4 bonuses if you subscribe FREE now!

= Paid content

All Windows Secrets articles posted on 2013-09-19:

Susan Bradley

About Susan Bradley

Susan Bradley is a Small Business Server and Security MVP, a title awarded by Microsoft to independent experts who do not work for the company. She's also a partner in a California CPA firm.