
<p>Microsoft has released a Fix It tool to address a zero-day flaw in Internet Explorer (IE) that has been the target of a number of hackingattacks.</p><p>The Fix It tool provides a temporary solution for the situation while users waitfor an emergency out-of-band patch Microsoft said will be made available Sept.21. The flaw affects Internet Explorer versions 6, 7, 8 and 9, and can beexploited to remotely execute code. According to security vendor AlienVault,attackers have used the vulnerability to target defense and industrialcompanies."There have been an extremely limited number of attacksthe vast majority of Internet Explorer users have not been impacted," Yunsun Wee, director, Microsoft Trustworthy Computing, said in a statement. "We are working on an easy-to-use, one-click fix that will be released in the next few days, but in the meantime, we recommend customers make sure their antivirus software is up-to-date." Wee advised users to visit Microsoft's Safety and Security Center for additional information.</p><p>The vulnerability arises from the way Internet Explorer accesses an object that has been deleted or has not been properly allocated. As a result, the vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code while a user is working with Internet Explorer, Microsoft warned. Attackers can infect users, the company added, via a specially crafted Website designed to exploit the bug after convincing victims to view the site.</p><p>"If your systems are running IE, you are at risk, but don't panic," said Andrew Storms, director of security operations at nCircle. "The reality is, it's just one more zero-day, and we've seen an awful lot of them come and go."</p><p><a href="http://www.eweek.com/c/a/Security/Microsoft-to-Release-Fix-It-Tool-to-Fight-IE-ZeroDay-472581/">Keep reading...</a></p>