Miles Associates LLC

Jim Miles – IT & IT Security Consultant – Web Sites for Growing Organizations

MS confirms critical IE bug, works on fix

Suggests using blocking tool, but does not plan to issue emergency patch

Microsoft late Wednesday confirmed that all versions of Internet Explorer (IE) contain a critical vulnerability that attackers can exploit by persuading users to visit a rigged Web site.

Although the company said it would patch the problem, it is not planning to rush out an emergency update.

“The issue does not currently meet the criteria for an out-of-band release,” said Carlene Chmaj, a spokeswoman for the Microsoft Security Response Center (MSRC), in an entry on the center’s blog.

Until a patch is ready, Microsoft urged users to use the Enhanced Mitigation Experience Toolkit (EMET) utility to bolster IE’s defenses. The company provided instructions on how to configure EMET to block attacks in the accompanying security advisory .


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: