As mentioned in our previous post, a zero-day remote code execution vulnerability in Internet Explorer is being exploited in the wild. It affects IE 8, as well as IE 6 & 7. Those versions of IE account for about one third of all desktop browser market share.
Current exploitation is limited, but it’s quite likely that a reliable exploit will soon find its way into crimeware exploit kits.
Microsoft Security Advisory (2794220)
IE 9 & 10 are not vulnerable, which is of small comfort to users of Windows XP, as IE 9 & 10 are not supported on XP.
For consumers with XP, we recommend installing an additional browser such as Mozilla Firefox or Google Chrome.
For corporate folks (still) required to use XP with IE 8: Microsoft has a Fix it tool available.
You’ll find more details at Microsoft’s Security Research & Defense blog: Microsoft “Fix it” available for Internet Explorer 6, 7, and 8.
It’s not yet clear if this vulnerability will be patched on January 8th during Microsoft’s scheduled update cycle.