X

Microsoft to patch IE zero-day flaw today

A fix for a vulnerability hitting Internet Explorer versions 6 through 8 will be rolled out today at 10 a.m. PT.

Lance Whitney Contributing Writer
Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.
Lance Whitney
2 min read

Microsoft will fix a zero-day hole in IE today almost a week after this month's regular Patch Tuesday updates.

Discovered late last month, the vulnerability could allow attackers to gain control of a Windows computer running one of the older versions of IE by directing users to malicious Web sites. In response, Microsoft had suggested several workarounds and even offered a "one-click fix" designed to mitigate the problem, but those were considered temporary solutions.

Today's update will fully resolve the issue, according to Microsoft. Scheduled for rollout at 10 a.m. PT, the fix will be available as a critical update, meaning it will automatically be applied to any Windows computers with Automatic Updates turned on. Otherwise, users will need to install the update manually through Windows Update.

Security professionals were wondering when Microsoft would resolve this flaw, since the company did not address the problem in last week's Patch Tuesday rollout. But a fix for the bug was already in the works.

Dustin Childs, group manager of Microsoft Trustworthy Computing, told CNET on January 4 that the company was actively working on a security update for the zero-day issue.

Internet Explorer 9 and 10 are immune to this particular flaw, so users of older versions of the browser will need to install the update.

Microsoft said it found only a limited number of people hit by this bug, but it acknowledged the possibility that more could be affected down the road.

The company will host a live webcast at 1 p.m. PST today to answer questions regarding the update.