Microsoft rushes out security patch for Internet Explorer

Normally, Microsoft releases security bulletins for software products on the second Tuesday of each month. That happened last week as scheduled, but today the company announced it has rushed out an additional patch designed to fix an exploit that has been found in Internet Explorer, and is being used in attacks on IE8 and IE9.

In a post on its security response blog, Microsoft says the issue would allow a hacker to launch a remote code execution if a person surfs to a website using IE that contains malicious code. The blog adds, "There are only reports of a limited number of targeted attacks specifically directed at Internet Explorer 8 and 9, although the issue could potentially affect all supported versions. "

The company has released a "Fix-it" patch, "CVE-2013-3893 MSHTML Shim Workaround" to plug this security hole in all currently supported versions of IE. In addition, Microsoft recommends that users set their security settings on the web browser to "High" to block any ActiveX Controls and Active Scripting on websites. It also recommends users set up IE so that it informs them ahead of time before running any Active Scripting features. The company plans to release a full security patch that will be a more complete solution to this problem in the near future.

Source: Microsoft | Image via Microsoft

Report a problem with article
Previous Story

Microsoft reveals pricing and packaging for Windows 8.1

Next Story

Windows 8 has a 26.87 percent OS market share ... in Tokelau

29 Comments

Commenting is disabled on this article.

It wan't that bad until Oracle got their grubby hand on Java, ever since then it's been an open door for exploitation.

And that's why I keep it far, far away from my system. Don't remember a single time I actually needed to have Java on my system to run an application in my browser.

MC GEEK said,
It wan't that bad until Oracle got their grubby hand on Java, ever since then it's been an open door for exploitation.
Always been, except Sun cared a bit more

NoScript Add-on for Firefox is a huge help. Combine that with AdBlock, and you have raised the bar significantly for would-be bad sites. Nothing is perfect, however. Human behavior is still the biggest security flaw on the Internet.

Misleading title; there is no security patch yet; there is a Microsoft FixIT tool which is not ideal for enterprise.

Good update. Having been forced to use FF and Chrome for different work related reasons over the past year Ive grown to appreciate IE10 even more.

Auditor said,
IE is still buggy and prone to all hacking attempts. Better to use Firefox.

its one thing to have an opinion of something, its another to tell lies.

Uh and your point would be what exactly? ALL browsers have bugs and are being targeted to hack, IE just happens to be a larger target.. IE10/11 is in fact likely one of the most secure browsers available(in the top 2 at least)

BUT thankfully.. Microsoft now has its own bug bounty program for hackers, which means less hacks to worry about for the rest of us

vcfan said,

its one thing to have an opinion of something, its another to tell lies.

What is there to lie about. Prove me that I am lying since you are defender of MS.

Auditor said,

What is there to lie about. Prove me that I am lying since you are defender of MS.

just stop. its embarrassing. for your own sake.

Auditor said,
IE is still buggy and prone to all hacking attempts. Better to use Firefox.

In the future you really should know a subject before talking about it. IE at medium security is pretty much the safest browser out there. IE at high security or with ActiveX plugins only enabled per-site, in x64 mode *is* the safest browser out there. This doesn't even cover the enhanced security mode that is enabled by default on Server editions of Windows.

In high security or enhanced security mode, there is practically no chance anything can infect your computer unless the attacking site has been explicitly authorized to run content at a lower security level. Firefox and Chrome are not really designed with the idea that you don't want them to ever run rich web content.

warwagon said,
or you could just use firefox

Right cuz firefox never has security updates. Kudos to Microsoft for always releasing security updates fast.

j2006 said,

Right cuz firefox never has security updates. Kudos to Microsoft for always releasing security updates fast.

That they do !

warwagon said,
or you could just use firefox

At least you didn't blab about being the first one to post, even if you don't know what you're talking about!

I'll take IE9,10 and 11 over Firefox, or Chrome, for that matter, any day of the year!