The full fix comes Friday for a memory corruption vulnerability that can turn over control of PCs
Microsoft has issued a one-click temporary fix
for an Internet Explorer vulnerability that prompted the German government to urge its citizens to use other browsers until the hole is patched.
The vulnerability affects IE 6 through 9. It’s a memory corruption vulnerabilty that can allow the installation of a remote access trojan, which could allow a variety of nefarious activity on affected computers, including program installation, configuration changes, keystroke logging, file deletion, etc.
This is normally an opportunity to preach the virtues of keeping your browser up-to-date (you’re running IE 6 still? Really?), but this vulnerability affects every version up to the latest.
I do like the one-click “Fix It Now” approach to the temporary solution. Casual users would be much more likely to keep patches up to date given this approach rather than the Patch Tuesday regimen. It could be a pain for IT management, though, if they have (wisely) denied most users install privileges.
And, of course, with frequent enough appearances, it could become another vector of exposure, as attackers find ways to spoof the fix-it-now button.
The permanent fix for the flaw is to be delivered on Friday, Microsoft says.
Related Download Sponsor: Cisco Cisco Secure Mobility Knowledge Hub This Knowledge Hub provides an end-to-end look at what it takes to discover, plan, and implement a successful Secure Mobility strategy. Learn More