New Internet Explorer 0-day vulnerability being exploited in the wild

Security Expert ,Eric Romang , has come across a new zero-day IE exploit while analyzing a malware page that was being used to exploit Java vulnerabilities. The new vulnerability appears to affect Internet Explorer 7, 8, and 9 on Windows XP, Vista and 7 . There is no official patch for this vulnerability yet, so IE users are recommended to use other browser until a security update becomes available.

http://www.ehackingnews.com/2012/09/new-zero-day-ie-exploit-metasploit-module.html

The patch is finally out now. Installing :slight_smile:

Microsoft Security Bulletin MS12-063 - Critical

Earlier this week I had hoped Microsoft would release the patch no later than Friday. When I logged onto my computer earlier today, they had not yet released the patch. I learned that it had been released when I saw in the Notification Area that Windows Update was downloading something.

I manually installed the patch and restarted Windows. I’m impressed that Microsoft released the patch no later than I hoped they would. :-TU

I checked Secunia’s website and learned that the vulnerability goes as far back as version 6.x of Internet Explorer. Previously I thought it went as far back as version 7.x.

Yeah. Well the ‘vulnerability attack’ scale was low after all. Plus EMET was also available to users to fix that issue until patch. But you are right Microsoft did a good job finally LOL!

Really? That old? Well that’s a thing… You just never know…