Micropatch now available for Internet Explorer security hole
A few days ago, a security vulnerability in Internet Explorer came to light. A flaw in the handling of certain files can be exploited by hackers to steal files from users, and -- most worrying -- it doesn't matter whether the victim is an Internet Explorer user or not.
Microsoft is yet to create a fix for the vulnerability, so someone else has stepped up to the plate. Specialists from ACROS Security have create a micropatch for Windows 10 that addresses the issue, once again beating Microsoft in securing people's computers.
- Internet Explorer flaw leaves Windows users vulnerable to hackers -- even those who don't use the browser
- Microsoft email hack was worse than first thought -- some users' messages were accessed
- Microsoft reveals hackers gained access to its web email services for three months
Through its 0patch platform, ACROS Security is making the micropatch available to Windows users who are concerned about the security of Internet Explorer. While there are likely to be concerns voiced about installing a security patch from a third party, there are two things to consider here. Firstly, the vulnerability is a pretty serious one, and Microsoft has given no indication of when it will be officially addressed. Secondly, we've already seen micropatches delivered through ACROS Security's 0patch which have fixed other problems with Windows.
In a blog post, Mitja Kolsek from the 0patch Team explains the extent of the problem in Internet Explorer, and also provides the patch which is free to download. The micropatch can be seen in action in this video:
ACROS Security says:
While we believe Microsoft will update their original severity assessment of this issue and provide a fix for it, we wanted to give our users a micropatch to allow them to protect themselves. Namely, published 0days often start getting exploited, especially when no vendor fix is available.
The micropatch is currently available for Windows 10 versions 1803 and 1809, and it can be downloaded through the 0patch Agent tool.