Microsoft to release out of cycle patch for IE
An advance notice from Microsoft's security team states that they plan to release an Internet Explorer patch on the 30th of March. This is likely to follow the usual pattern and be released at 21:00 GMT.
The release of this patch outside of the usual monthly patch schedule is presumably because the security vulnerability in the iepeers.dll library is being actively exploited, indeed an improved version of the exploit was published on Friday. The vulnerability was originally disclosed at the start of March, but was not resolved in the following patch day.
The attack only affects Internet Explorer 6 and 7, but, according to the security bulletin, the update will also fix a critical vulnerability in Internet Explorer 8 under Windows 7. The bulletin does not specify whether Microsoft is fixing the security vulnerability demonstrated at last week's Pwn2own competition.
- Microsoft Security Bulletin Advance Notification for March 2010, advisory from Microsoft.
- Zero day exploit for Internet Explorer, a report from The H.
- Attacks on newly discovered vulnerability in IE 6 and 7, a report from The H.
- Exploit for new IE hole, a report from The H.