Earlier this week, Microsoft released a "Fix it" patch for Internet Explorer 6, 7, and 8 that was designed to close a vulnerability that was already being exploited by hackers. Now a security firm has announced it has found a way to bypass the patch. If hackers discover the same bypass, the IE vulnerability could remain open to exploitation.
Exodus Intelligence's blog claims that it took less than a day of work to find issues with the patch. It added, "... we were able to bypass the fix and compromise a fully-patched system with a variation of the exploit we developed earlier this week." The company says it plans to release its findings to Microsoft.
The "zero-day" problem with IE6-8 was first discovered when hackers attacked the website of the Council on Foreign Relations last week and caused that site to host malicious content. The content was delivered as a heap spray attack conducted via Adobe Flash. As we have previously noted, this browser issue does not affect IE9 or IE10.
Microsoft announced on Thursday it would issue five security updates for various software products on Tuesday as part of its regular monthly patch event. However, those updates won't include anything for any versions of IE.