Microsoft issues emergency patch for zero-day flaw in Internet Explorer

2 May 2014

Microsoft has issued an emergency patch to fix a zero-day flaw found in versions of its Internet Explorer web browser ranging from versions 6 to 11.

The vulnerability could allow remote code execution if a user views a specially crafted webpage using an affected version of Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.

“This security update addresses every version of Internet Explorer,” said Dustin Childs, group manager at Trustworthy Computing.

“While we’ve seen only a limited number of targeted attacks, customers are advised to install this update promptly. The majority of our customers have automatic updates enabled and so will not need to take any action as protections will be downloaded and installed automatically.”

Childs said that if you’re unsure if you have automatic updates, or you haven’t enabled Automatic Update, now is the time. 

Security update for Windows XP

Microsoft is also issuing a security update for Windows XP users, despite ending support for the operating system on 8 April. According to Net Applications, around 26pc of computers connected to the internet today still run on Windows XP.

“We have made the decision to issue a security update for Windows XP users. Windows XP is no longer supported by Microsoft, and we continue to encourage customers to migrate to a modern operating system, such as Windows 7 or 8.1.

“Additionally, customers are encouraged to upgrade to the latest version of Internet Explorer, IE 11.”

More information on the updates can be found on the Microsoft Security Bulletin summary webpage.

Microsoft is a Silicon Republic Featured Employer, comprised of top tech companies that are hiring now

Internet security image via Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com