We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Emergency IE patch fixes zero-day flaw

PC securityA growing number of attacks against an Internet Explorer security flaw prompted Microsoft to publish an early fix that wasn't scheduled to come out until April.

While IE 8 is safe from the under-attack flaw, which affects IE 6 and 7, today's cumulative MS10-018 patch also closes eight other bugs. Some of the other bugs affect IE 8 as well, making this a critical patch for most every combination of Windows and IE.

Only Windows Server 2003 with IE 6 or IE 8 or Windows Server 2008 with IE 8 are rated important or moderate. All other combinations are considered critical; see Microsoft's security bulletin for details.

The zero-day flaw was first disclosed earlier this month when it was being hit by targeted attacks, according to Microsoft. Since then, the company has seen "increases in attacks against Internet Explorer 6 and Internet Explorer 7 using the vulnerability". The flaw can be hit by malicious code on a poisoned web site, and allows an attacker to run any command on a victim PC.

To pick up the patch, run Windows Update. And for more details, see the MSRC blog post.

See also:

PC security news, reviews, tips and walkthroughs

Web browser reviews

Security software reviews

PC World

IDG UK Sites

Where to buy iPhone 6 and iPhone 6 Plus in the UK: Launch day price, deals and contracts

IDG UK Sites

Is Apple losing confidence in itself?

IDG UK Sites

Professional photo and video techniques for perfect colours

IDG UK Sites

How (and where) to buy an iPhone 6 or iPhone 6 Plus in the UK. Plus: What to do if you pre-ordered...