Microsoft to release emergency Internet Explorer patch on Monday

The patch will fix a vulnerability in Internet Explorer 6, 7 and 8

Microsoft will release a patch on Monday for older versions of its Internet Explorer browser, deviating from its normal repair schedule due to the seriousness of the problem.

The vulnerability, which is present in IE 6, 7 and 8, is a memory corruption issue. It can be exploited by an attacker via a drive-by download, a term for loading a website with attack code that delivers malware to a victim's computer if the person merely visits the website.

Microsoft released a quick fix for the issue earlier this month, but did not have a more permanent patch ready when it released its monthly batch of patches last Tuesday. The company will occasionally release an emergency patch if the software vulnerability is considered a high risk.

"While we have still seen only a limited number of customers affected by the issue, the potential exists that more customers could be affected in the future," wrote Dustin Childs, group manager for the company's Trustworthy Computing Group, on a company blog on Sunday.

The patch, which will be released at 10 AM PST, will be distributed through Windows Update. Childs wrote users will not have to uninstall the quick fix before applying the patch, which will be installed automatically for those who have automatic updates enabled.

Security vendor Symantec credited a group called Elderwood as finding the IE vulnerability due to similarities in the attack code that uses the vulnerability with other attack code.

The Elderwood group has discovered as many as nine other vulnerabilities since 2009 and appears to favor targeting defense contractors, human rights groups, non-governmental organizations and IT service providers, according to a Symantec report issued in September.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

More about: Microsoft, Symantec
Comments are now closed.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Microsoft, security, patch management, Exploits / vulnerabilities, data protection, malware
ARN Directory | Distributors relevant to this article
Anyware Corporation , Aquion , ASI Solutions , Bluechip Infotech , Com1 International , Compucon Computers , Dicker Data , Express Data , Express Online , ICT Distribution , Impact Systems Technology , Ingram Micro Australia , Leader Computers , Lynx Technologies , Multimedia Technology , NewLease , Synnex Australia , Topstar Computer International , Wholesale IT , XiT Distribution
ARN Directory | Vendors relevant to this article
Symantec
rhs_login_lockGet exclusive access to ARN's news, research and invitation only events.
ARN Distributor Directory
Find distributors by name | vendor | location
Channel Deals
/deals/aca-pacific/482_abbyy-finereader-11-the-professionals-choice-f
ACA Pacific

ABBYY FineReader 11. The Professionals choice for Intelligent OCR.

More details »
ARN Vendor Directory
Find vendors by name | category

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.