Microsoft releases Fix-It for latest 0-day vulnerability. - gHacks Tech News

Microsoft releases Fix-It for latest 0-day vulnerability.

A few days ago a new 0-day vulnerability was discovered that affects all versions of Microsoft's Internet Explorer - but Internet Explorer 10 - on all recent versions of the Windows operating system. Microsoft suggested workarounds like installing the company's own excellent mitigation tool or setting the Internet and Intranet security zone to high to block the exploit from executing. Third parties recommended to not use Internet Explorer until a fix is released by Microsoft.

The security advisory confirmed that targeted attacks were carried out on the Internet, with users only having to visit a website with a vulnerable version of Internet Explorer for the attack to take place. The Poison Ivy trojan was installed on a successfully exploited system, and for some days researchers assumed that it was the only threat.

Today it became known that other exploits have also been used in the last couple of days, making it even more important to fix the vulnerability as soon as possible.

Microsoft today as well has released a Fix IT to patch Internet Explorer and protect the browser and thus the underlying operating system from the 0-day vulnerability. A Fix it is a lightweight portable program that can modify the operating system or programs installed on it. This particular Fix It resolves the 0-day vulnerability for 32-bit versions of Internet Explorer.

fix 0-day vulnerability

Before you apply the patch you need to make sure that Internet Explorer is fully updated.  Once done, download the Fix It from this Microsoft Support page and run it once it is on your computer. Just follow the instructions on screen to patch your system and protect Internet Explorer form being vulnerable to attacks exploiting the vulnerability. Again: this only works for the 32-bit version of Internet Explorer. It is therefor recommended to run this version only for the time being until a security update resolves the issue complete. The Fix It support page offers a second program that you can use to disable the fix again.

It may come as a surprise to many that Microsoft reacted that fast, considering that the company in the past has often taken its time before it released updates to the public. The quick patch may have been designed with Windows users in mind, but it certainly may have also had something to do with the bad press that Microsoft received after the vulnerability was discovered. (via Dottech)

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. ilev said on September 20, 2012 at 9:50 am
    Reply

    This is a temporary fix as Microsoft will issue out-of-band IE update tomorrow Sept.21

    This security hole , and many others, in IE6-9 (and Windows OS) just shows
    how Microsoft “innovate” by copying code for 10 years, from browser to browser without
    any QA and security checks.

    Microsoft:

    This is an advance notification for one out-of-band security
    bulletin that Microsoft is intending to release on September 21,
    2012.

    The full version of the Microsoft Security Bulletin Advance
    Notification for September 2012 can be found at
    http://technet.microsoft.com/security/bulletin/ms12-sep.

    1. Martin Brinkmann said on September 20, 2012 at 10:04 am
      Reply

      Seems they have really got their act together on this one.

      1. Morely Dotes said on September 20, 2012 at 5:13 pm
        Reply

        And how many years did it take them to get their act together on this one, Martin?

        Let’s face it, the only legitimate uses for Internet Explorer are (1) to download a better browser to use on the Internet; (2) Windows Updates; and (3) Intranets that rely on the built-in security holes, because they are using Microsoft servers such as Sharepoint.

        Anything else is simply asking for trouble.

  2. ilev said on September 20, 2012 at 7:21 pm
    Reply

    @Morely Dotes
    “And how many years did it take them to get their act together on this one, Martin?”

    Microsoft wouldn’t have found it in million years. It were the hackers who found the exploit
    in IE and used it to spread trojans. It was a 3rd party security firm which identified the trojans
    and tracked it back to the exploit.

    Even the lastest Nitro botnet pre-installed on Windows PCs hasn’t been found by Microsoft.
    It was found by a customer buying an infected PC.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.