- 21 January 2010 18:00
Symantec Threat Bulletin: Microsoft to Release Out-of-Band Patch to fix Internet Explorer Vulnerability
Microsoft has announced it will release an emergency out-of-band patch to fix the Internet Explorer zero day security vulnerability that has been used by attackers in various high-profile targeted attacks, specifically the recent Trojan.Hydraq attacks waged against Google and a number of other companies. The patch is expected to be released at approximately 10am Pacific Time (PT).
The latest vulnerability affects Internet Explorer 6, 7 and 8, however, the only in-the-wild exploit code for this vulnerability detected so far is confirmed to affect just Internet Explorer 6.
Symantec’s Security Response Team has identified that this security vulnerability has only been used in a very limited number of targeted attacks so far.
The most likely attack vector appears to be targeted emails containing legitimate looking attachments or links to websites sent to high-level employees. When the attachment is opened, an exploit for the vulnerability is activated and the computer becomes infected.
Symantec strongly encourages users to patch their systems against this vulnerability. In addition, enterprises are encouraged to consider implementing an automated patch management solution to help mitigate risk.
Please let me know if you would like to discuss the recent security vulnerability with a Symantec security expert.
+61 2 9954 3492