We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Emergency IE patch fixes zero-day flaw

PC securityA growing number of attacks against an Internet Explorer security flaw prompted Microsoft to publish an early fix that wasn't scheduled to come out until April.

While IE 8 is safe from the under-attack flaw, which affects IE 6 and 7, today's cumulative MS10-018 patch also closes eight other bugs. Some of the other bugs affect IE 8 as well, making this a critical patch for most every combination of Windows and IE.

Only Windows Server 2003 with IE 6 or IE 8 or Windows Server 2008 with IE 8 are rated important or moderate. All other combinations are considered critical; see Microsoft's security bulletin for details.

The zero-day flaw was first disclosed earlier this month when it was being hit by targeted attacks, according to Microsoft. Since then, the company has seen "increases in attacks against Internet Explorer 6 and Internet Explorer 7 using the vulnerability". The flaw can be hit by malicious code on a poisoned web site, and allows an attacker to run any command on a victim PC.

To pick up the patch, run Windows Update. And for more details, see the MSRC blog post.

See also:

PC security news, reviews, tips and walkthroughs

Web browser reviews

Security software reviews

PC World

IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

Apple's 2014 highlights: the most significant Apple news of 2014

IDG UK Sites

Watch this heartwarming Christmas short by Trunk for composer John Rutter

IDG UK Sites

Ultimate iOS 8 Tips: 35 awesome and advanced tips for using iOS 8 on iPhone and iPad