Today sees 2013's first 'Patch Tuesday' for Microsoft – a regular occurrence in which the software giant fixes glitches in its programs by issuing user updates. Get Safe Online's advice to users is, as always, make sure you install the updates as soon as prompted.
Today's patches will fix vulnerabilities in Windows and Office, but a permanent fix for the latest bug in older versions of Internet Explorer – a so-called zero-day exploit – is still in the works, according to the company.
On 29 December Microsoft warned about the zero-day flaw in Internet Exlplorer 6, 7, and 8 that could allow attackers to gain control of Windows computers to host malicious websites. Microsoft noted that IE 9 and 10 are unaffected, and suggested a variety of ways around the problem for people running the older versions of the browser.
Last Monday a temporary fix was issued preventing the flaw from being exploited without forcing users to adjust their browser settings. Microsoft warned that this fix is not designed to replace actual security updates but revealed that it is working on a permanent solution.
"At this time, we've seen only a limited number of affected customers," says Dustin Childs, Group Manager of Microsoft Trustworthy Computing. "We take customer protection very seriously and until a security update is released, we encourage people to apply the one-click Fix it solution offered with Security Advisory 2794220 to help ensure protection. Additionally, customers should ensure their anti-malware solution is up-to-date and follow good network hygiene practices, such as enabling a firewall, for added protection against threats."
The glitch can only be exploited if a user is taken to a malicious website, typically through a phishing email, instant message or social networking post. Our advice, as always, is to be careful what links you open from such sources, even if they appear to be from friends – whose account or computer may have been hijacked.