Industry Trends

Using Internet Explorer? Urgent Patch to Combat Zero-Day In The Wild Available

By Richard Henderson | September 17, 2013

Microsoft announced today that an attacker or attackers are exploiting a previously known exploit in virtually all versions of Internet Explorer.

Microsoft has released an out of bound Fix-It patch for users to implement as soon as possible while they work on a permanent fix.

The exploit is CVE-2013-3893 and allows an attacker to execute code remotely - this means that simply by visiting a hacked or malicious website, you will likely have malware installed on your system.

To install the Fix-It patch, visit this page. Simply click on the "Enable Fix it" button to install the patch. If the patch causes issues and you need to revert, you can click the "Disable Fix it" button to uninstall the patch, but you should be very certain you wish to do so.

There are also more details on the exploit at the above link, but to briefly summarize it, the exploit found a vulnerability in Use After Free in the HTML rendering engine used by IE (mshtml.dll).

Microsoft has also provided a second page for people to download the Fix it patch, and you can view that here.

Please don't delay if you're an IE user - this is being actively exploited in the wild.

Join the Discussion