Emergency security patch issued by Microsoft to squash Internet Explorer zero day exploit

Graham Cluley
Graham Cluley
@

 @grahamcluley.com
 @[email protected]

Bandaid on knee. Image from ShutterstockMicrosoft has released an out-of-cycle security update to protect Internet Explorer users against a vulnerability that was being exploited by malicious hackers.

Earlier this week Microsoft announced it would be issuing Security Update MS12-063, following the discovery last weekend by researcher Eric Romang that the previously unknown vulnerability was being used by a hacking gang to infect computers with the Poison Ivy Trojan.

Normally Microsoft releases security updates on a monthly schedule (known as “Patch Tuesday”), but as the heat rose with exploits using the attack and the likes of the German government urging users to stop using Internet Explorer, the software giant rightly moved to release an out-of-band emergency patch.

As well as defending against the zero-day vulnerability in versions of Internet Explorer, Microsoft’s security patch reportedly resolves four other remote code execution vulnerabilities that Microsoft says are not currently being exploited.

Sign up to our free newsletter.
Security news, advice, and tips.

Vulnerabilities patched by Microsoft

In my opinion, computer users should be grateful for Microsoft’s response. They managed to create, test and roll out a patch for the Internet Explorer security vulnerabilty Romang discovered being exploited by malicious hackers within a week.

That’s not just good news for those who love Internet Explorer. All of us on the net reap the benefits when vulnerabilities are patched, as it gives malicious attacks less opportunities to spread.

Now it’s the turn of businesses to roll out the patch across their computers, and for home users to install the security update (hopefully most of them have automatic updates enabled).

The SophosLabs analysis of the latest Microsoft security patch can be read here.

Bandaid on knee image from Shutterstock.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.