Microsoft released the “Fix it” tool to patch a vulnerability, which it confirmed, was being exploited through targeted attacks in Internet Explorer version 6, 7 and 8. IE version 9 and 10 are not affected by this flaw. “Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8,” the company said in a statement.
Researchers who claim to have bypassed the tool haven’t made the code public and that should give some relief to Microsoft. The timing for the announcement couldn’t have been worse as Microsoft has already announced about next Patch Tuesday through its advance notification. It is all the more surprising as this particular bulletin didn’t have any information about the latest IE flaw.
The zero-day vulnerability in the IE 6, 7 and 8 came at the forefront following reports from security firm FireEye that detailed the hacking of Council on Foreign Relations and how it was hosting malicious content.
Microsoft XP users are the most vulnerable as of now as they can’t upgrade to Internet Explorer 9 or 10 and we recommend that such users use either Chrome or Firefox.