Microsoft releases MS15-093/KB 3088903 patch for IE
18.08.2015
Microsoft has just released its widely anticipated, out-of-band patch for Internet Explorer. Dubbed MS15-093/ KB 3088903, it covers all supported versions of IE (7, 8, 9, 10, and 11) on all supported platforms, including Windows 10.
Details at the moment are spotty but, based on the KB description, it sounds like a drive-by remote code execution hole that can lurk inside ads on websites.
As explained in the KB article, the vulnerability has not been publicly disclosed, but it is being actively exploited. It’s identified as CVE 2015-2502.
The SANS Internet Storm Center has a post up for the patch. Expect any new information to appear there as soon as it’s available.
Reddit also has a thread going -- Microsoft Security Bulletin MS15-093 - RCE in IE7-11 with active exploits in the wild.
Woody Leonhard