Microsoft Releases MS15-093 Out Of Band Patch For IE
Microsoft released security bulletin MS15-093 for all supported releases of Internet Explorer with a severity rating of Critical. This security update is released outside of the usual monthly security bulletin release cycle in an effort to protect your environment.
The description of this update is available here: MS15-093 Description
MS15-093 modifies the way that Internet Explorer handles objects in memory to close the discovered security hole. It is recommended that this vulnerability be applied as a matter of urgency. Microsoft rarely releases out-of-band patches and the urgent nature could suggest that more attacks may be on their way, said Qualys CTO Wolfgang Kandek.
“Now that the vulnerability is disclosed we expect the attack code to spread widely and get integrated into exploit kits and attack frameworks,” said Kandek in an e-mailed comment. “Patch as quickly as possible.”
The security update comes just one week after Microsoft released its scheduled August patch releases which included a cumulative update for all versions of Internet Explorer. Verismic are unsure why Microsoft didn’t include today’s update with last week’s Patch Tuesday updates.
The SANS Internet Storm Centre forum has a post up for this patch. We recommend keeping a close eye on this for real time updates as they occur.