Microsoft today announced the latest Internet Explorer zero-day flaw (CVE-2014-0322) will be fixed on this month’s Patch Tuesday. The patch will thus be released this Tuesday, March 11, at approximately 10:00 AM PDT.
On February 11, security firm FireEye discovered that a new vulnerability in Internet Explorer 9 and Internet Explorer 10 was being exploited in the wild. The company followed up with more details on February 13, noting the US Veterans of Foreign Wars’ website was targeted, with more sites discovered in the weeks to come.
On every Thursday of every month, Microsoft reveals what security patches it will be releasing on the second Tuesday of the given month. March is no exception, and the company today revealed that this most-pressing flaw is also slated for a fix.
In other words, Microsoft has taken the time to test a solution for the IE flaw that has been exploited since last month. Now that it is confident that the patch will address the issue in question, it can reveal that the fix falls under Bulletin 1 from March’s Security Bulletin Advance Notification.
Microsoft doesn’t reveal too much in its advance notifications so it doesn’t give away anything critical to criminals. We do, however, know that Bulletin 1 is for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT. This suggests the zero-day fix is part of a broader patch that addresses other flaws in Internet Explorer.
Microsoft re-emphasized today that it has seen “a limited number of attacks using this issue” and all of them have only targeted Internet Explorer 10. If you’re on another version of Internet Explorer, the attacks may not have been directed at you, but installing the latest updates is always recommended.