Microsoft issues fix for IE flaw that could allow PC hijack

One-click workaround designed to prevent attackers from gaining control of vulnerable Web browsers.

Internet Explorer

Microsoft issued a fix today for a zero-day vulnerability in older versions of Internet Explorer that could allow attackers to gain control of Windows-based computers to host malicious Web sites.

The company confirmed Saturday that it was investigating a remote code execution vulnerability in IE 6, IE 7, and IE 8 that could allow an attacker to use the corrupted PC to host a Web site designed to exploit the vulnerability with other users. Versions of the browser after IE 8 are unaffected, Microsoft said.

Microsoft said in an update to that security advisory that it has developed a one-click fix that prevents the vulnerability from being exploited without affecting users' ability to browse the Web. Microsoft also said the fix doesn't require a reboot.

Microsoft cautioned that the workaround was not intended to serve as a replacement for security updates.

"While we have still observed only a few attempts to exploit this issue, we encourage all customers to apply this fix it to help protect their systems," Dustin Childs, group manager for Microsoft's Trustworthy Computing, said in a statement.

Discovered last week, the flaw was reportedly used to exploit Windows PC users who visited the Web site for the Council on Foreign Relations, a nonpartisan think tank specializing in U.S. foreign policy and international affairs. The site has been hosting the malicious code since at least December 21, Darien Kindlund, senior staff scientist at security adviser FireEye, wrote in a blog post on Friday.

Featured Video

How Pixar created the world of 'The Good Dinosaur'

Pixar's upcoming new film imagines what it would have been like if dinosaurs never became extinct.'s Lexy Savvides reports on how real-world data helped make the movie's prehistoric landscapes look incredibly authentic.

by Lexy Savvides