Zero day IE flaw exploited in targeted attacks. Microsoft releases temporary fix

Microsoft has released an emergency workaround for users of Internet Explorer, to protect against a "limited number" of targeted attacks being specifically directed at IE 8 and IE 9 - but which could potentially affect all versions of the web browser.

According to a blog post by Dustin Childs, a group manager for communications in Microsoft's Trustworthy Computing group, the security hole can be exploited when users visit a boobytrapped webpage:

This issue could allow remote code execution if an affected system browses to a website containing malicious content directed towards the specific browser type. This would typically occur when an attacker compromises the security of trusted websites regularly frequented, or convinces someone to click on a link in an email or instant message. Running modern versions of Internet Explorer ensures that customers receive the benefit of additional security features that can help prevent successful attacks.

Microsoft is trying to create a proper security update to protect against the flaw - but in the meantime, a temporary "Fix-It" tool, dubbed "CVE-2013-3893 MSHTML Shim Workaround", is available.

It's worth underlining that unlike most fixes from Microsoft, this Fix-It tool will not be automatically rolled out to millions of users. If you want to protect your copy of Internet Explorer from having the flaw exploited, you need to download and run the tool.

And then, like the rest of the internet, you have to hope that Microsoft will roll out a proper, permanent and reliable patch for the problem with appropriate haste.

My advice is that Windows users should run the Fix-It tool, especially if they use Internet Explorer to visit websites.

Further mitigations and workarounds are detailed in the Microsoft blog post and in an accompanying support advisory.

1 Comment on "Zero day IE flaw exploited in targeted attacks. Microsoft releases temporary fix"

September 17, 2013 10:28 pm

Thanks for the heads-up.

I do not use IE but it is hooked to Windows so I'll fix it.