In the face of an uptick in hacker attacks targeting a zero-day flaw in its Internet Explorer browser, Microsoft has announced plans to ship an emergency IE patch tomorrow (March 30, 2010).
The out-of-band update comes exactly 21 days after Microsoft said it was aware of targeted attacks against Windows users running its flagship browser.
The vulnerability in question only affects Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7.
Two weeks ago, an Israeli hacker was able to piece together clues to reproduce the vulnerability and release exploit code into the Metasploit hacking tool. Since then, there has been a slight uptick in attacks seen in the wild, and this forced Microsoft to push ahead with plans for an out-of-band update.
The IE patch will also include fixes for several other vulnerabilities:
The out-of-band security bulletin is a cumulative security update for Internet Explorer and will also contain fixes for privately reported vulnerabilities rated Critical on all versions of Internet Explorer that are not related to this attack.
From the MSRC blog:
Internet Explorer 8 is unaffected by the vulnerability addressed in the advisory and we continue to encourage all customers to upgrade to this version to benefit from the improved security protection it offers.
We recommend that customers install the update as soon as it is available. Once applied, customers are protected against the known attacks related to Security Advisory 981374. We have been monitoring this issue and have determined an out-of-band release is needed to protect customers. For customers using automatic updates, this update will automatically be applied once it is released. Additionally, because Security Bulletin MS10-18 is a cumulative update, it will also address nine other vulnerabilities in Internet Explorer that were planned for release on April 13.
The earliest attacks against this vulnerability included the use of a backdoor that allows complete access to a vulnerable machine.
The backdoor allows an attacker to perform various functions on the compromised system, including uploading and downloading files, executing files, and terminating running processes.