Microsoft releases fix for Explorer flaw

Microsoft on Thursday released a fix for an Internet Explorer vulnerability that had been exploited by cyber attackers and led the U.S. government to recommend that people use other Web browsers until Microsoft patched the problem.

Users who are running Windows with automatic updates enabled will not need to take any action, as the update will download and install automatically, Microsoft said in a security advisory.

Individuals who don't have automatic updates enabled on their PCs can install the fix manually by clicking the "Check for updates" button in the Windows Update portion of in their Control Panel, according to a Microsoft blog post.

Corporate IT departments can find more details on how to install the update for their organizations in Thursday's security bulletin. Microsoft is hosting a webcast at 11 a.m. today geared toward answering questions from IT people about the fix.

Microsoft had said earlier that any security update would not apply to the nearly 13-year-old Windows XP operating system, which Microsoft had stopped supporting last month, the company said Thursday that it had decided to issue the security update to XP customers.

The Internet Explorer vulnerability, which affects IE versions 6 to 11, is a remote code-execution vulnerability, meaning cyber attackers could create a Web page and persuade users to view that Web page or attachment, which then allows the attackers to execute code on a machine without the victim knowing about it.

The problem was first discovered by cybersecurity firm FireEye Friday evening, which found active attacks exploiting the vulnerability on IE 9 to 11.

Share This Story