Microsoft has issued a one-click temporary fix for an Internet Explorer vulnerability that prompted the German government to urge its citizens to use other browsers until the hole is patched.
The vulnerability affects IE 6 through 9. It’s a memory corruption vulnerability that can allow the installation of a remote access trojan, which could allow a variety of nefarious activity on affected computers, including program installation, configuration changes, keystroke logging, and file deletion.
This is normally an opportunity to preach the virtues of keeping your browser up-to-date (you’re running IE 6 still? Really?), but this vulnerability affects every version up to the latest.
I do like the one-click “Fix It Now” approach to the temporary solution. Casual users would be much more likely to keep patches up to date given this approach rather than the Patch Tuesday regimen. It could be a pain for IT management, though, if they have (wisely) denied most users install privileges.
And, of course, with frequent enough appearances, it could become another vector of exposure, as attackers find ways to spoof the fix-it-now button.
The permanent fix for the flaw is to be delivered on Friday, Microsoft says.