September 20, 2012
Microsoft To Ship Important Security Patch On Friday
Michael Harper for redOrbit.com — Your Universe Online
Earlier this week, it was discovered that 4 out of every 10 Americans were vulnerable to a dangerous zero-day exploit found in Microsoft´s Internet Explorer.
These attacks stemmed from the same group of malware which was used to exploit a Java vulnerability in Macs late last month.
Users were in danger of “drive-by” attacks as they casually surfed the web. If these users happened to visit a site which contained the exploit, their computers would be taken over and left vulnerable to remote access by other users. The attacks were such a threat and had affected so many users that, according to Reuters, security experts, along with the government of Germany, had implored users to stop using Microsoft´s browser.
Microsoft acknowledged this vulnerability and exploit on Monday, saying they were taking “appropriate action to protect our customers.” The Redmond company also vowed to push out a fix for the vulnerability in either a monthly security update or an emergency update, should the threat warrant one.
It would appear as if the threat was indeed large enough, (or the press was too bad) as Microsoft has today announced a fix for the vulnerability in Internet Explorer. Microsoft had previously suggested IE users bump their security settings to “high” as well as block any ActiveX and Active Scripting in the browser, as well as install an Enhanced Mitigation Experience Toolkit (or EMET). This software was meant to help curb the amount of exploits on vulnerable users.
Late Wednesday, Microsoft announced a permanent repair to the vulnerability which will be released on Friday. According to Reuters, most Windows users have their computers set up to automatically download these security updates, which should make the adoption of this fix a relatively easy one.
In a statement, Microsoft spokeswoman Yunsun Wee claimed a “vast majority” of Internet Explorer users had not been affected by this vulnerability.
“While the vast majority of people are not impacted by this issue, today Microsoft provided a temporary fix that can be downloaded with one easy click and offers immediate protection. We will also provide a permanent solution for customers that will be automatically enabled on Friday, Sept. 21, 2012,” said Wee in a statement to PCMag´s SecurityWatch.
This fix is said to be a “easy-to-use, one-click, full-strength solution” which users can quickly install themselves. Though this patch will protect the millions of Internet Explorers on Windows XP, Windows Vista and Windows 7, Microsoft has taken care to call this fix a “workaround option” rather than a permanent fix. According to the Redmond company, this patch "is not intended to be a replacement for any security update.”
Microsoft´s EMET utility is also a temporary fix, says Woo, essentially protecting users from the exploit rather than patching the exploit altogether.
"EMET in action is unobtrusive and should not affect customers´ Web browsing experience," said Woo in a statement on Monday.
Until the patch ships on Friday, IE users are advised to employ the EMET and adjust their security settings, or simply download a more secure browser.