March 31st, 2010, 21:50 PM
Microsoft Fixes Zero-Day Bug With Emergency IE Patch
Microsoft released an emergency, out-of-band patch for Internet Explorer Tuesday, repairing 10 critical errors in the Web browser that have already left the browser susceptible to malicious attacks in the wild.
Microsoft's cumulative out-of-band update, which was given the highest severity rating of "critical," repaired one publicly reported vulnerability and nine privately reported errors in all versions of IE, including IE 5.01, IE 6 Service Pack 1, IE 6 on Windows clients, IE 7, and IE 8 on Windows clients. However, the update was ranked as "important" for IE 6 and "moderate" for IE 8, both on Windows servers.
Originally, the IE patch was slated to be part of the April 13 Patch Tuesday update cycle, but was subsequently bumped up when Microsoft researchers began seeing an increasing amount of attacks exploiting the vulnerability on IE 6 and IE 7.
Full story: CRN