A fix for a vulnerability that affects Internet Explorer versions 6 through 8 will be launched today at 10 am PT
Microsoft to fix a zero-day IE hole today almost a week after the regular updates of patches this month is Tuesday.
Discovered at the end of last month, the vulnerability could allow attackers to gain control of a Windows computer running an earlier version of IE to direct users to malicious websites. In response, Microsoft had proposed different solutions and even offered a “one-click fix” designed to mitigate the problem, but those were considered temporary solutions.
Upgrade today entirely resolve the problem, according to Microsoft. Scheduled for launch at 10 PT, the fix will be available as a critical update, which means it will automatically be applied to all computers with Windows automatic updates turned on. Otherwise, users will have to manually install the update through Windows Update.
Security professionals have been wondering when Microsoft would solve this problem, as the company did not address the issue of last week’s rollout Patch Tuesday. But a fix for the bug was already in the works.
Dustin Childs, group manager of Microsoft’s Trustworthy Computing, told CNET January 4 that the company was actively working on a security update for the zero-day problem.
Internet Explorer 9 and 10 are immune to this particular defect, to allow users of previous versions of the browser you will need to install the update.
Microsoft has said that he thinks that only a small number of people affected by this bug, but acknowledged the possibility that you might be suffering along the way.
The company will host a live webcast at 1 pm PST today to answer questions about the update.