Microsoft’s January security update neglects patch for IE zero-day vulnerability

Following its normal routine, Microsoft gave advance notice on Thursday of the seven security updates being released this coming Patch Tuesday, including one rated critical for protecting Windows 8 and Windows RT. All in all, the bundle will address 12 different vulnerabilities. Yet conspicuously missing – as security experts were quick to point out – was a fix for an Internet Explorer zero-day exploit that has recently been plaguing users of IE6, IE7, and IE8.

Although the IE vulnerability alarmed Microsoft enough to issue a security advisory about it last Saturday, the company has since downplayed its seriousness, claiming it affected only a limited number of customers. However, it compromised several websites, including those of Capstone Turbine, a gas turbine manufacturer, and the Council on Foreign Relations, a foreign-policy think tank. Once hacked, these websites became unsafe for visitors using IE6, IE7, and IE8: they installed unwanted malware on users’ computers and attempted to steal personal data.

Fortunately, there remain a number of solutions for the IE zero-day vulnerability. Newer versions of Internet Explorer do not share this security weakness, so Microsoft is encouraging users to upgrade to IE9 or IE10 if possible. Unfortunately, those running Windows XP or earlier Windows operating systems are unable to upgrade to IE9 and IE10.

For these customers, Microsoft has provided a single-click “Fix it” workaround that will take care of the security vulnerability. Finally, if users see a major increase in the number of attacks exploiting this vulnerability, Microsoft may release a special “out-of-band,” or off-schedule, security update prior to its next Patch Tuesday, which isn’t set to take place until February 12. Of course, you can always try out the latest version of Chrome in the meantime. 

Mika Turim-Nygren
Former Digital Trends Contributor
Mika Turim-Nygren writes about technology, travel, and culture. She is a PhD student in American literature at the University…