Microsoft on Friday released an emergency patch to address a recently discovered zero-day vulnerability in Internet Explorer (IE). Details of in-the-wild exploits taking advantage of the bug were made public on Sept. 16 by Eric Romang, a researcher and contributor to the Metasploit Project. The flaw could allow attackers to spread the remote access trojan (RAT) Poison Ivy. Researchers linked the exploits to the Nitro crime gang, a group also believed responsible for serving recent Java 7 attacks. The out-of-cycle fix from Microsoft also includes updates for four other bugs affecting IE 9 and earlier versions.