Just days after being alerted to a new zero day security vulnerability in all shipping versions of its Internet Explorer (IE) web browser, Microsoft has issued a software fix to correct the problem. The unusually quick response was apparently necessitated by the seriousness of the flaw and rapidly increasing instances of exploitation.
“While we have only seen a few attempts to exploit the issue, impacting an extremely limited number of people, we are taking this proactive step to help ensure that Internet Explorer customers are protected and able to safely browse online,” Microsoft Director Yunsun Wee explained. “The fix is an easy-to-use, one-click, full-strength solution that any Internet Explorer user can install. It will not affect your ability to browse the web, and it will provide full protection against this issue until an update is available. It won’t require a reboot of your computer.”
A security update for IE, which will automatically patch several hundred million PCs around the globe via Microsoft’s Windows Update service, is scheduled for Friday. The flaw affects IE 9 and earlier versions, but not IE 10, which will ship in late October as part of Windows 8.
Microsoft revealed the flaw on Tuesday and provided a couple of workarounds, including one that required a software download but didn’t affect website usability. The so-called zero day flaw had been discovered just a few days before that by a security researcher. At the time, the firm offered no timetable for an official patch, and Microsoft often waits for the next regularly scheduled Patch Tuesday to issue such a fix.
Not this time. Windows users can now visit the Microsoft Support website to download a Fix It solution that mitigates the effects of the flaw on all affected IE versions. And on Friday, Microsoft will deliver a formal security update—shipping via Windows Update—that addresses this flaw and four other, as yet unidentified, critical IE issues.