A vulnerability that Microsoft first announced on September 17, 2013, has been released to the public, which may significantly increase the number of attacks that exploit it.
The vulnerability affects all versions of Microsoft Internet Explorer. Microsoft was aware of limited targeted attacks against Internet Explorer 8 and 9 when it released the security advisory, but this situation may have changed in the meantime.
The remote code execution vulnerability may "corrupt memory in a way" that "could allow an attacker to execute arbitrary code" on the PC using the same privileges as the signed-in user.
Our recommendation: Install the Fix It as soon as possible on your Windows PC, or configure Microsoft EMET so that it can mitigate the vulnerability. For details on how to do so, scroll down to the EMET configuration section of this article.
The Fix It
Microsoft has released a Fix It tool that patches the vulnerability on Windows PCs. This is a temporary solution as Microsoft is currently working on a patch that it will distribute via the company's Windows Update system to all users.
The main problem here is that the Fix It tool won't reach all Windows users, which means that the majority of Windows PCs will remain vulnerable to the attack until the patch is released via Windows Update by the company.
The Fix It itself requires no user interaction other than checking the license check box and clicking Next and Close. The patch is applied at once, and the system is protected from the vulnerability from that moment on.
A Fix It to disable the protection is also provided on the same page.
EMET configuration
Microsoft's excellent EMET program can mitigate the vulnerability as well. Microsoft has released specific configuration instructions for the software:
It is currently not clear if Microsoft will release the patch as part of its monthly Patch Tuesday routine, or if the company needs more time to develop and test a working patch.
The next batch of security updates for Windows will be made available on October 8, 2013 by Microsoft.
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.