NEWS FROM THE LAB - Wednesday, January 2, 2013

Fix it: Internet Explorer 8 Vulnerability Posted by Sean @ 11:12 GMT

As mentioned in our previous post, there's an Internet Explorer (zero-day) remote code execution vulnerability being exploited in the wild which affects IE 8, as well as IE 6 & 7. Those versions of IE account for about one third of all desktop browser market share.

Current exploitation is limited but it's quite likely a reliable exploit will soon find its way into crimeware exploit kits.

Microsoft Security Advisory 2794220
Microsoft Security Advisory (2794220)

IE 9 & 10 are not vulnerable — which is of small comfort to users of Windows XP as IE 9 & 10 are not supported.

For consumers with XP, we recommend installing an additional browser such as Mozilla Firefox or Google Chrome.

For corporate folks (still) required to use XP with IE 8: Microsoft has a Fix it tool available.

Microsoft Security Advisory 2794220, Fix it

You'll find more details at Microsoft's Security Research & Defense blog: Microsoft "Fix it" available for Internet Explorer 6, 7, and 8.

It's not yet clear if this vulnerability will be patched on January 8th during Microsoft's scheduled update cycle.