Microsoft Releases Temp Fix for Critical IE Flaw

Dennis Faas's picture

It appears Microsoft won't wait until April's Patch Tuesday to release a fix for a recently revealed zero-day vulnerability found in the company's popular web browser, Internet Explorer. The company is, according to reports, working furiously to get the patch out soon, but hasn't guaranteed it will arrive here before next month.

Releasing emergency patches is rare for Microsoft. However, if the situation warrants fast action the company has demonstrated in the past that it will jump days or even weeks ahead of its monthly Patch Tuesday releases. In this case, Microsoft's March Patch Tuesday came with just a few fixes but a heavy warning from Microsoft about an Internet Explorer 6 and 7 flaw that could allow for remote code execution by hackers.

Vulnerability Already Exploited

As of Wednesday, an Israeli security researcher pinpointed a site that had been using the problematic code for "drive-by" attacks, which can infect computers by simply visiting a malicious web site. The researcher then published a public exploit, bringing the threat's seriousness to a new and much higher level. (Source:

Security experts took last Tuesday's warning as a sign that Microsoft might release a fix out of its monthly schedule, and that appears to be the case. "We have seen speculation that Microsoft might release an update for this issue out-of-band," noted Microsoft Security Response Center senior manager Jerry Bryant. "I can tell you that we are working hard to produce an update which is now in testing."

Patch Distribution Not Guaranteed

Still, the testing period could take a while. As such, Bryant refused to state whether the patch would make it out ahead of the April 13 Patch Tuesday. All Bryant would say on the subject is: "We never rule out the possibility of an out-of-band update. When the update is ready for broad distribution, we will make that decision based on customer needs." (Source:

In the meantime, Microsoft has released a "Fix It" tool designed to disable the problem component in the "iepeers.dll" file causing much of the trouble. The update will help keep PCs running Windows XP and Windows Server 2003 protected while that testing takes place.

Rate this article: 
No votes yet