Microsoft 11802 Published by

PC World posted a news story that Microsoft today turned to a new defensive measure to help users ward off ongoing attacks exploiting a known bug in IE.



"The 'shim' for IE is the news today," said Andrew Storms, director of security operations at nCircle Security. "We had not expected a patch for IE today, but we had not expected the shim either."

Shim is a term used to describe an application compatibility workaround. Storms said it was appropriate to today's temporary fix because Microsoft used the Windows Application Compatibility Toolkit to modify IE so it's immune to attacks that leverage a bug in how the browser processes a CSS (Cascading Style Sheets) file.

"This is the first time that they've used the Application Compatibility Toolkit to mitigate a zero-day vulnerability," said Storms.
  Microsoft Creatively Blocks IE Attacks