Thursday, September 20, 2012

Microsoft offers one-click workaround for IE vulnerability, permanent fix coming Friday


Sep 20, 2012 10:05 am | PC World
by Ian Paul

Microsoft has issued a one-click security workaround for Internet Explorer as a stopgap measure until the company releases a full security update for its Web browser on Friday. The new "Fix it" solution helps protect users of Internet Explorer 6, 7, 8, and 9 from a recently disclosed memory corruption issue that several security experts have seen in active use. The vulnerabilities could allow a hacker to gain remote access to your system with the same user privileges as you including the ability to install or remove programs, modify files, and create new user accounts.
The one-click solution is available from this Microsoft support document under the heading "Fix it for me." Microsoft's Fix it tool does not require a reboot once enabled and the company says the automated workaround will not affect your ability to browse the Web.
Researchers at security firm AlienVault recently said a variant of the latest IE vulnerability was found in the wild and attempted to install a remote access Trojan (RAT) on a user's computer. A RAT would give hackers remote access to your computer and can be used for everything from wiping your hard drive to capturing every keystroke you enter. Security firm Sophos in a blog post also said it had seen hackers using the IE vulnerability in the wild, but the company did not specify what hackers were trying to accomplish with the exploit.
The latest Internet Explorer vulnerability is considered a critical threat. The seriousness of the issue prompted the German government on Tuesday to urge users to give up using IE until Microsoft released a security patch for the vulnerability. Other security experts also advised giving up IE until there was a fix including the Metasploit Project and the security firm F-Secure. Prior to releasing its Fix it tool, Microsoft suggested a somewhat impractical multi-step manual workaround to help mitigate any potential attacks.
Microsoft says it hopes to release Friday's security update for IE as close as possible to 10 a.m. Pacific. You will be able to get the patch via Windows Update. If you have automatic updates enabled, you shouldn't have to take any action to get the security fix. Microsoft also said Friday's update will include more fixes in addition to the memory corruption issue.

0 comments:

Post a Comment