. home.aspx



Microsoft Patches Out-of-Band Zero-Day Security Flaw for IE

December 20, 2018 / Sean Michael Kerner

Users of Microsoft's Windows operating system have grown accustomed to a regular, predictable cadence for patches—on the first Tuesday of every month. On Dec. 19, Microsoft broke that cadence with an emergency out-of-band update for its Internet Explorer (IE) web browser. The reason is simple: Attackers are actively exploiting a zero-day vulnerability, putting millions of users around the world at immediate risk. "We released a security update for Internet Explorer after receiving a report from Google about a new vulnerability being used in targeted attacks," the Microsoft Security Response Center (MSRC) wrote in a media advisory. The flaw impacts multiple versions of IE, ranging from IE 9 on Windows Server 2008 all the way up to IE 11 running on Windows 10. IE has been Microsoft's primary web browser, but with the launch of Windows 10, Microsoft introduced the Edge web browser, which is intended to be the successor to IE. The new flaw apparently is limited to I...