We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Emergency IE patch fixes zero-day flaw

PC securityA growing number of attacks against an Internet Explorer security flaw prompted Microsoft to publish an early fix that wasn't scheduled to come out until April.

While IE 8 is safe from the under-attack flaw, which affects IE 6 and 7, today's cumulative MS10-018 patch also closes eight other bugs. Some of the other bugs affect IE 8 as well, making this a critical patch for most every combination of Windows and IE.

Only Windows Server 2003 with IE 6 or IE 8 or Windows Server 2008 with IE 8 are rated important or moderate. All other combinations are considered critical; see Microsoft's security bulletin for details.

The zero-day flaw was first disclosed earlier this month when it was being hit by targeted attacks, according to Microsoft. Since then, the company has seen "increases in attacks against Internet Explorer 6 and Internet Explorer 7 using the vulnerability". The flaw can be hit by malicious code on a poisoned web site, and allows an attacker to run any command on a victim PC.

To pick up the patch, run Windows Update. And for more details, see the MSRC blog post.

See also:

PC security news, reviews, tips and walkthroughs

Web browser reviews

Security software reviews

PC World

IDG UK Sites

Sony Xperia Z3 Compact review: A better deal than the Z3 and most smartphones

IDG UK Sites

Why people aren't upgrading to iOS 8: new features are for power users, not the average Joe

IDG UK Sites

Framestore recreates ancient China for Mr Bean's martial arts misadventure

IDG UK Sites

iPad Air 2 review: Insanely fast and alarmingly thin. Speed tests, camera tests and more