Microsoft Releases Internet Explorer 0-Day Vulnerability Fix-It
If you are a regular of this website you - without doubt - have read the news story a while ago that another 0-day vulnerability was discovered in Microsoft's Internet Explorer. Back then there was not a fix for the vulnerability that was actively being exploited by malicious users.
The vulnerability only affected Internet Explorer 6 and Internet Explorer 7; Anyone updating their web browser to the latest official version of Internet Explorer protects the computer system from the security vulnerability.
But not everyone was able to update. Especially users in corporate environments have still to cope with outdated versions of Internet Explorer.
Microsoft now has released a so called Fix It solution to patch the vulnerability so that it cannot be exploited anymore. A Fix It solution is basically a small program that can be executed right from the web browser to fix problems on the operating system.
Actually, there are two fix it solutions for the same vulnerability and it is enough to use one of them to protect the PC from the Internet Explorer vulnerability.
- Fix it solution for peer factory in iepeers.dll We have created an application compatibility database that will disable peer factory in the iepeers.dll binary for supported versions of Internet Explorer on Windows XP and Windows Server 2003.
To install this application compatibility database, click the Fix it button in the "Fix it solution for peer factory in iepeers.dll" section.
- Fix it solution for Data Execution Prevention We have created an application compatibility database that will enable Data Execution Prevention (DEP) for all versions of Internet Explorer that support DEP. You do not need this database if you are using Internet Explorer 8 on Windows XP Service Pack 3 (SP3) or on Windows Vista SP1 or later versions. This is because Internet Explorer 8 opts-in to DEP by default on these platforms.
To install this application compatibility database, click the Fix it button in the "Fix it solution for Data Execution Prevention" section
The second Fix-It patch requires a computer system that supports DEP which means that it works on every Microsoft operating system from Windows XP on which obviously excludes Windows 2000. The processor also needs to support Hardware-enforced DEP
Both Fix It solutions can be executed or downloaded form this Microsoft Knowledgebase article. Simply click on the download button to download the solution and execute the downloaded program afterwards on the target system.