Friday 21 September 2012

Microsoft Panics over Zero-day Flaw and Patches it!

Microsoft has released a 26.9MB patch that fixes the five vulnerabilities, and the zero-day flaw that is being used to crack Windows systems running the most common versions of Internet Explorer. The patch fixes the problems that hackers had been using against some companies.

The Microsoft Security Response Center, which is the official corporate security response blog, posted: "Today we released Security Update MS12-063 to address limited attacks against a small number of computers through a vulnerability in Internet Explorer versions 9 and earlier. The majority of customers have automatic updates enabled and will not need to take any action because protections will be downloaded and installed automatically. For those manually updating, we encourage you to apply this update as quickly as possible. In addition to addressing the issue described in Security Advisory 2757760, MS12-063 also resolves four privately disclosed vulnerabilities that are currently not being exploited."

The flaw was rated as critical or moderate risk, depending on which browser and operating system you are running, but it would allow full remote code execution on systems running IE 7, 8 and 9 with Adobe Flash on fully patched Windows XP, Vista and 7 machines, using malware embedded in a web page.

This whole mess was discovered by security researcher Eric Romang. But he says "Zero-Day Season Is Really Not Over Yet". He posted on WordPress, saying: "I can confirm, the zero-day season is really not over yet. Less than three weeks after the discovery of the Java SE7 0day, aka CVE-2012-4681, potentially used by the Nitro gang in targeted attacks, a potential Microsoft Internet Explorer 7 and 8 zero-day is actually exploited in the wild". He also posted:
  • "I wasn’t a target of the 0day, I tested it on my lab. This misunderstanding has been introduced by Reuters in their press release."
  • "I did these researches on my personal time, and these researches are not linked with my professional activities. This misunderstanding has been introduced by Reuters in their press release."
  • "I don’t pin the responsibility on the Nitro gang, if you read my blog post, you will see that I found coincidences."
  • "I don’t know the timeline of the vulnerability, including when it was discovered and how long it has been exploited"

Eric Romang also posted images and a video of the zero-day flaw. (For more, see Eric Romang's WordPress blog.)

Microsoft's reputation looks set to go downhill for now. But can it make a comeback with the new patch?

This happened to Flash Player last month. (Zero-day Flaw)



