January 14, 2013

Microsoft today deviated from its usual monthly patch cycle in issuing an emergency security update to fix a critical security hole in its Internet Explorer Web browser that attackers have been exploiting to break into Windows PCs.

IEwarningThe update, MS13-008, addresses a single vulnerability in IE versions 6 through 8, and is available through Windows Update. The patch comes a little more than two weeks after security firms began seeing evidence that hackers were leveraging the vulnerability in targeted attacks. Microsoft maintains that it has┬áseen only a limited number of attacks against the flaw, but acknowledged in a blog post that “the potential exists that more customers could be affected.”

Prior to today, Microsoft released a stopgap Fix It tool to help blunt attacks against the IE flaw. According to Microsoft, “if you previously applied the Fix it offered through the advisory, you do not need to uninstall it before applying the security update released today. However, the Fix it is no longer needed after the security update is installed, so we are recommending that you uninstall it after you have applied the update to your system.” Users who applied the Fix It solution can uninstall it by clicking the Fix It icon under the words “Disable MSHTML shim workaround” at this page.

5 thoughts on “Microsoft Issues Fix for Zero-Day IE Flaw

  1. JimV

    If you previously applied the FixIt workaround to temporarily gain protection from this exploit and will now need to remove it per the MS advisory, that FixIt tool isn’t immediately available from the link Brian provided but both can be accessed at the following:


  2. Debbie Kearns

    Thanks for the heads-up. I already installed the patch, so I’m all set! ­čÖé

  3. A

    Windows Update refuses to tell me about this one for some reason.

Comments are closed.