Microsoft issues emergency patch for Internet Explorer

Microsoft has released an out-of-band release on Thursday to resolve the Internet Explorer vulnerability that was used to hack into Google's corporate network by Chinese attackers. Microsoft says that this particular Internet Explorer update was already scheduled for release as part of February's Patch Tuesday, though the recent string of events caused the company to bring it forward.

Wolfgang Kandek, the CTO of Qualys highlighted the significance of an out-of-order update. Kandek wrote, "An out-of-band release causes additional work for IT administrators that are tasked with addressing operating system vulnerabilities and have been feeling the strain of keeping updated the growing number of software packages that attackers are increasingly targeting."

In a surprising twist, Microsoft has also admitted that this vulnerability could also be exploited via malicious Office documents. Jerry Bryant, a program manager with the IE group confirmed that, "We are also aware that the vulnerability can be exploited by including an ActiveX control in a Microsoft Access, Word, Excel or PowerPoint file."

To protect against this vector, Bryant recommends that customers disable the use of ActiveX Controls in Microsoft Office.

For more on this story:
- check out this article at SC Magazine
- check out this article at Computerworld

Related Articles:
Microsoft confirms new Internet Explorer vulnerability
Mega Patch Tuesday coming next week
Google Chrome Frame makes IE less secure, says Microsoft