A malicious JavaScript was found exploiting a recent found vulnerability in Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8, while Internet Explorer 9 and Internet Explorer 10 are not affected. The zero day flaw came to light after the Council on Foreign Relations website was hacked and was hosting the code as early as December 21st.
Microsoft released a temporary Fix-it patch for IE6, IE7, and IE8 to mitigate risk of being attacked by a infected website nearly two weeks ago and now the company is finally offering a full-fledged security update to fix the remote code execution vulnerability in the older Internet Explorer browsers.
“We recommend that you install this update as soon as it is available. This update for Internet Explorer 6-8 will be made available through Windows Update and our other standard distribution channels. If you have automatic updates enabled on your PC, you won’t need to take any action. If you applied the Fix it released in Security Advisory 2794220, you won’t need to uninstall it before applying the security update,” Microosft explained in an Advanced Notification post.
Microsoft is releasing this patch outside its normal monthly Patch Tuesday cycle and claims to have only seen a limited number of Internet Explorer users affected by this issue. This update will be available January 14th around 1PM Pacific Time.
