Microsoft Issues 'Fix-It' for Internet Explorer Flaw
Microsoft has rushed out a "fix-it" for the critical flaw that affects all current versions of Internet Explorer. A permanent fix will be coming tomorrow (Sept. 21).
"The 'Prevent Memory Corruption via ExecCommand in Internet Explorer' Fix it solution," Microsoft said in a support document posted yesterday (Sept. 19), "is not intended to be a replacement for any security update. We recommend that you always install the latest security updates."
Users can download the "fix it" — as well as a second "fix it" to disable the first, if needs be — directly from the support page. However, users should first fully update their versions of Windows and of Internet Explorer.
Furthermore, the "fix it" works only for 32-bit versions of IE, not 64-bit ones. (If you don't know what that means, you've probably got the 32-bit one.)
"It will not affect your ability to browse the Web, and it does not require a reboot of your computer," Microsoft director of Trustworthy Computing Yunsun Wee said in a blog posting yesterday.
Users of 64-bit versions of Internet Explorer will have to either use the more complicated workaround spelled out in Microsoft's security advisory from Monday.
Or, they can stop using Internet Explorer altogether until tomorrow, which is when, according to Wee, Microsoft will be pushing out a permanent fix through an out-of-cycle Windows Update patch.
"We recommend that you install this update as soon as it is available," Wee said. "This will not only reinforce the issue that the Fix It addressed, but cover other issues as well."
The Internet Explorer flaw lets an attacker gain remote control of a targeted Windows machine at the same level of privilege as the current legitimate user. It affects Internet Explorers 6, 7, 8 and 9 on Windows XP, Vista and 7.
Windows 8, due for general release Oct. 26, and its Internet Explorer 10 browser are not affected.