NEWS - September 20, 2012
by Carol~ - 9/20/12 7:43 AM
Microsoft Will Patch IE Zero-Day on Friday; Fixit Available as Stopgap
Microsoft announced last night it would issue an out-of-band patch on Friday for a zero-day Internet Explorer vulnerability disclosed earlier this week. In the meantime, Microsoft made a FixIt available on Wednesday that would temporarily mitigate the threat posed by active exploits found in the wild.
The out-of-band patch will be available by 1 p.m. ET on Friday, said Yunsun Wee, director of Trustworthy Computing for Microsoft.
This has been a fluid story this week, starting with discovery of exploits for a previously unknown use-after-free memory corruption vulnerability in versions 6-9 of the browser. Soon thereafter, three more exploits were found and were tied to a hacker group in China known as Nitro, the same group responsible for exploits of two zero-day Java flaws disclosed three weeks ago.
"Earlier this week, an issue impacting Internet Explorer affected a small number of customers. The potential exists, however, that more customers could be affected," Wee said in a post on the Microsoft Security Response Center blog.
Continued : https://threatpost.com/en_us/blogs/microsoft-will-patch-ie-zero-day-friday-fixit-available-stopgap-092012
Microsoft Issues Stopgap Fix for IE 0-Day Flaw
Microsoft Releases Fix It Tool for IE Security Flaw
Microsoft issues Fix-it tool for critical IE security hole
See: Microsoft Out of Band Advance Notice | Fix it Solution