Microsoft Releases Fix It Tool to Fight IE Zero-Day Flaw
UPDATED: Microsoft release a fix it tool on Sept. 19 to temporarily resolve a zero-day vulnerability in Internet Explorer that is being targeted by attackers.Microsoft has released a Fix It tool to address a zero-day flaw in Internet Explorer (IE) that has been the target of a number of hacking attacks. The Fix It tool provides a temporary solution for the situation while users wait for an emergency out-of-band patch Microsoft said will be made available Sept. 21. The flaw affects Internet Explorer versions 6, 7, 8 and 9, and can be exploited to remotely execute code. According to security vendor AlienVault, attackers have used the vulnerability to target defense and industrial companies."There have been an extremely limited number of attacks-the vast majority of Internet Explorer users have not been impacted," Yunsun Wee, director, Microsoft Trustworthy Computing, said in a statement. "We are working on an easy-to-use, one-click fix that will be released in the next few days, but in the meantime, we recommend customers make sure their antivirus software is up-to-date." Wee advised users to visit Microsoft's Safety and Security Center for additional information.
The vulnerability arises from the way Internet Explorer accesses an object that has been deleted or has not been properly allocated. As a result, the vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code while a user is working with Internet Explorer, Microsoft warned. Attackers can infect users, the company added, via a specially crafted Website designed to exploit the bug after convincing victims to view the site.