Posted on Thursday, February 20 2014 @ 11:29 CET by Thomas De Maesschalck
Neowin
noticed Microsoft has issued a
Fix It patch for a critical security vulnerability that affects Internet Explorer 9 and 10.
A more permanent security patch is expected to follow in the coming weeks, likely it will be part of March's Patch Tuesday rollout.
Microsoft's newest security advisory (2934088) states:
This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message.
The exploit was first discovered and published by the FireEye security firm, which added that it was used by the mystery hackers to compromise the website of the U.S. Veterans of Foreign Wars. Microsoft has now released a quick "Fix It" patch that will close the exploit in both IE9 and IE10. Older versions of the browser are not affected by this problem. Neither is Internet Explorer 11, which means users of IE9 and IE10 who are running Windows 7, 8 or 8.1 can upgrade to IE11 and be protected from the issue.
