Microsoft fix for zero-day exploit of Internet Explorer

September 28, 2006

Microsoft normally releases bug fixes and critical security patches on the first Tuesday of every month. This time, they’ve made an exception and quitely rolled out a fix to the major security hole in Internet Explorer discussed on this blog.

Click here to download the update. Please be sure to install it.


Zero Day Exploits are for real – and here now

September 19, 2006

First, a quick definition:  a “zero-day exploit” is a piece of malware (either spyware or a virus) that attacks its victims before their software defenses (such as Trend Micro antivirus) know about them.  They’re very dangerous because when they hit, you are essentially vulnerable for a period of time until a fix happens, or an appropriate virus/spyware definitions file gets updated.

Critical zero-day exploits have been discovered in Internet Explorer in the past day or two.  This means that you are vulnerable if you are running IE for your browsing (still the vast majority of people).

To quote a reputable writer at the weekly news magazine eWeek:  “There is no patch available for the vulnerability and, because exploit code has already been released, incident handlers at the SANS ISC (Internet Storm Center) believe a widespread attack is very likely.”
A recommended preventative measure:
Use the Mozilla Firefox browser instead of Microsoft’s Internet Explorer.  You can download the latest copy here.

More information about this serious problem is available here.