News Stay informed about the latest enterprise technology news and product updates.

Critical out-of-band Microsoft security patch available for IE

One week after Patch Tuesday, an out-of-band Microsoft security patch is available for a critical flaw in Internet Explorer that affects all supported versions of Windows and Windows Server.

Microsoft made a surprise, out-of-band release to patch a vulnerability in Internet Explorer (IE) that could result...

in remote code execution.

The bulletin (MS15-093) came one week after Microsoft's August Patch Tuesday release and describes a flaw that affects IE versions 7 through 11. According to Microsoft, the remote code execution flaw is a result of Internet Explorer improperly accessing objects in memory. If an attacker can lure a victim to view a specially crafted website designed to exploit this vulnerability through Internet Explorer, the attacker could then gain the same user rights as the current user.

The bulletin says the vulnerability is rated critical for Windows clients, but only moderate on affected Windows Server versions due to the built-in mitigation from the Enhanced Security Configuration's restricted mode, in which IE runs by default.

Microsoft credits a Google researcher, Clement Lecigne, with finding the flaw. According to experts, the Microsoft security patch should be installed quickly, because the flaw is being actively exploited in the wild.

Next Steps

Learn about the last out-of-band Microsoft security patch released for a Windows zero-day.

Dig Deeper on Microsoft Patch Tuesday and patch management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.