Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.
  • 21 January 2010 18:00

Symantec Threat Bulletin: Microsoft to Release Out-of-Band Patch to fix Internet Explorer Vulnerability

Microsoft has announced it will release an emergency out-of-band patch to fix the Internet Explorer zero day security vulnerability that has been used by attackers in various high-profile targeted attacks, specifically the recent Trojan.Hydraq attacks waged against Google and a number of other companies. The patch is expected to be released at approximately 10am Pacific Time (PT).

The latest vulnerability affects Internet Explorer 6, 7 and 8, however, the only in-the-wild exploit code for this vulnerability detected so far is confirmed to affect just Internet Explorer 6.

Symantec’s Security Response Team has identified that this security vulnerability has only been used in a very limited number of targeted attacks so far.

The most likely attack vector appears to be targeted emails containing legitimate looking attachments or links to websites sent to high-level employees. When the attachment is opened, an exploit for the vulnerability is activated and the computer becomes infected.

Symantec strongly encourages users to patch their systems against this vulnerability. In addition, enterprises are encouraged to consider implementing an automated patch management solution to help mitigate risk.

Please let me know if you would like to discuss the recent security vulnerability with a Symantec security expert.

Media Contact:

Jasmin Athwal

Max Australia

+61 2 9954 3492

Jasmin.Athwal@maxaustralia.com.au

Submit a media release