Microsoft has a fix for the recently discovered zero-day vulnerability in Internet Explorer 8. It provided eliminates a critical vulnerability that attackers can exploit to inject and execute malicious code. All they need only entice their victim into visiting a malicious website.
The vulnerability was already used for attacks on U.S. researchers involved, among others, the development of nuclear weapons. According to several security firms, the attacks against employees of the U.S. Department of Labor and the U.S. Department of Energy directed.
Invincea reported last Friday, the compromised site to distribute Trojans Poison Ivy by drive-by download. FireEye has found in an analysis of the malicious program that is specifically designed for computers with Windows XP. But the exploit let 7 be used against Internet Explorer 8 on Windows.
Last Friday, in an article published security advisory Microsoft stated that it was investigating the reports and information on the attacks. It described the problem as “susceptibility to remote code execution.” This affects all versions of Windows with Internet Explorer 8, including Windows Server 2003, 2008 R2 and the versions. Internet Explorer 6, 7, 9 and 10 is no danger in this respect from the other hand.
The unscheduled patch comes in the form of an executable Fix-It tool, which updates the system without restarting it. However, Microsoft recommends that before you install cumulative security update for Internet Explorer 9 April (MS13-028).
“Customers should play the fix or follow the workaround described in the Advisory, to protect themselves against the known attacks, while we continue working on a security update,” stated Dustin Childs from the Microsoft Security Response Center (MSRC) by e-mail.