Microsoft drops surprise IE patch, fixes under-attack Windows zero-day
Summary: Patch Tuesday: Redmond ships nine bulletins to fix 16 dangerous security holes in Microsoft Windows, Internet Explorer, Visual Basic for Applications, and Microsoft Office.
By Ryan Naraine
for Zero Day
| July 10, 2012 -- Updated 19:25 GMT (12:25 PDT)
Microsoft today released a critical security patch to cover a zero-day flaw that was being used by "nation-state attackers" to hijack Gmail accounts.
The vulnerability, originally disclosed on June 13
, affects Microsoft XML Core Services and can be exploited to launch remote code execution attacks if a Windows user simply surfs to a maliciously crafted website using Internet Explorer.