This weekend, we reported on an exploit that had been discovered inside three older versions of Microsoft's Internet Explorer web browser. Today, Microsoft released a quick "Fix it" patch that closes the exploit found in IE6, IE7 and IE8.
The company's Security Response Center posted a link to the patch on its website today. The page states:
This easy, one-click Fix it is available to everyone and prevents the vulnerability from being used for code execution without affecting your ability to browse the Web. Additionally, applying the Fix it does not require a reboot. While we have still observed only a few attempts to exploit this issue, we encourage all customers to apply this Fix it to help protect their systems.
Microsoft adds that the company is still working on releasing a full security update that will plug up the exploit once and for all, but there is no word on when this update will be released. As we previously noted, this vulnerability was first discovered when hackers attacked the website of the Council on Foreign Relations and caused that site to host malicious content. The content was released as a heap spray attack conducted via Adobe Flash. This security hole does not appear to be present in IE9 or IE10.
Source: Microsoft | Image via Wikipedia