Microsoft has confirmed it is working on a fix for the latest critical Internet Explorer (IE) flaw, but would not confirm an emergency repair before April's Patch Tuesday.
Jerry Bryant, senior security communications manager at Microsoft, said in a blog post his team was testing an update but would not verify when users could get their hands on it, as thorough testing on all affected versions needed to take place first.
"We have seen speculation that Microsoft might release an update for this issue out-of-band," he wrote. "I can tell you that we are working hard to produce an update which is now in testing."
"We never rule out the possibility of an out-of-band update. When the update is ready for broad distribution, we will make that decision based on customer needs."
The latest flaw in the troubled browser linked to an invalid pointer reference came to light last Wednesday when Microsoft admitted the vulnerability was already being taken advantage of by hackers.
As with many recent flaws, this one only affects IE6 and IE7, so as ever Microsoft is advising users to upgrade to the latest version of the browser, IE8.
-
Enterprises face delicate balancing act with data center sustainability goalsNews High energy consumption, raw material requirements, and physical space constraints are holding back data center sustainability efforts, according to new research from Seagate.
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Vulnerability management complexity is leaving enterprises at serious riskNews Fragmented data and siloed processes mean remediation is taking too long
-
Beat cyber criminals at their own gameWhitepaper A guide to winning the vulnerability race and protection your organization
-
Same cyberthreat, different storyWhitepaper How security, risk, and technology asset management teams collaborate to easily manage vulnerabilities
-
Three steps to transforming security operationsWhitepaper How to be more agile, effective, collaborative, and scalable
-
Should your business start a bug bounty program?In-depth Big tech firms including Google, Apple and Microsoft offer bug bounty programs, but can they benefit smaller businesses too?
-
Accessing the XDR realmWhitepaper A guide for MSPs to unleash modern security
-
Why zero trust strategies failIn-depth Zero Trust is the gold standard for organizations in protecting systems from cyber attacks, but there are many common implementation pitfalls businesses must avoid
-
Sitecore XP RCE flaw is being actively exploited, ACSC warnsNews The vulnerability was fixed last month but hackers are now moving against patching laggards
