Qualys Blog

www.qualys.com
wkandek

Update2 on Internet Explorer 0-day – MS10-018

Microsoft will release MS10-018 a patch for the critical Internet Explorer 0-day vulnerability KB981374 out of band tomorrow, on March 30th. Microsoft’s decision to accelerate the release rather than waiting until next Patch Tuesday on April 13th is an indication that attacks against the "iepeers" vulnerability are on the rise.

Similar to what happened with the last IE 0-day patch MS10-002, Microsoft is including fixes for 9 other vulnerabilities, so the patch is critical for ALL versions of IE

If you are still using IE6 or IE7, patch immediately. But even if you are on IE8 you should patch as quickly as possible, as attackers will start reverse engineering the flaws addressed and preparing corresponding exploits within the week.

Kudos to Microsoft for their quick turn-around on this vulnerability.

Leave a Reply