updated 09:29 pm EDT, Mon September 17, 2012
EMET upgraded to 3.0, allegedly prevents remote computer access
Microsoft has released a free patch to protect PCs from a serious "zero-day" bug discovered in its recently-released Internet Explorer 9 browser. The flaw's exploit is known as "Poison Ivy" and can be used to allow remote control of an infected PC. Microsoft has said it will advise customers to install the temporary patch, allowing more time to permanently fix the bug and release a new version of Internet Explorer. The free patch, known as the Enhanced Mitigation Experience Toolkit or EMET, is now available from Microsoft.
Symantec researcher Liam O Murchu said regarding the flaw that "any time you see a zero-day like this, it is [of great concern]. There are no patches available. It is very difficult for people to protect themselves." Symantec's anti-malware packages has already been updated to protect users against the Poison Ivy package.
Some security experts claim that users should avoid Internet Explorer in all its forms, even if they install the patch from Microsoft. Security firm Rapid7's Engineering Manager Tod Beardsley believes the patch is not be completely effective in securing the browser from attack. Marc Maiffret from security firm BeyondTrust said that the software has in some cases proven to be not compatible with existing anti-malware packages running on corporate networks. Google's Chrome browers, Mozilla's Firefox, Apple's Safari and other third-party browsers are unaffected by the Microsoft bug.