Microsoft issues fix-it patch for critical vulnerability in Internet Explorer 9 and 10
Recently we learned about a critical vulnerability found in IE 9 and IE 8. Microsoft had confirmed that it was aware of the bug, and on Wednesday, the company issued a fix-it patch that addressed the vulnerability for both the affected browsers.
While those on Windows 7 and higher could simply install Internet Explorer 11, the current version of Internet Explorer, and get away with the problem, Windows Vista users, which account for 3.6% of desktop share, had no such option. This attack code had left one third of Internet Explorer users vulnerable. This attack code was reportedly circumventing one of Windows’ most critical anti-exploitation technologies ASLR (address space layout randomization) using Flash ActionScript which is used by many websites that run content using Flash player.
Microsoft has made available a “fix It” patch on its website which you can manually install on your computer. You can install this patch until the company rolls out a permanent fix, likely during the upcoming Patch Tuesday. “This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message.” states, Microsoft’s newest security advisory (2934088). A permanent fix for this issue will be coming very soon, perhaps in the March’s “Patch Tuesday.”Internet Explorer, Microsoft, Security