Security Advisor

Microsoft Releases IE 8 'Fix It' Ahead of May Security Update

The temporary fix looks to get a permanent solution with this month's Microsoft patch.

Microsoft yesterday updated Security Advisory 284710, a remote code execution (RCE) flaw in Internet Explorer 8 with a "Fix it."

The flaw, which does not affect any other Internet Explorer version, could allow an attacker to inject malware into a system that visits a malicious Web site.

"The Fix it is an effort to help protect as many customers as possible, as quickly as possible," said Dustin Childs at Microsoft. "We continue to work on a security update to address this issue and we're closely monitoring the threat landscape."

Coming less than a week before Microsoft's monthly patch rollout, the Fix it was issued after the flaw has already been seen being exploited in the wild. The flaw is believed to be used in an incident last week in which the U.S. Department of Labor  hacked and those visiting the government site in IE 8 were infected with malware.

While applying the one-click Fix it should protect the vulnerability from being exploited, it appears Microsoft will release a permanent fix in Tuesday's May security update, which looks to be a lighter month when it comes to the number of "critical" bulletins

The IE 8 fix is only one of two critical items. Which means those that have completely upgraded away from IE 8 will only have one critical bulletin to deal with. However, it's also a RCE fix for Internet Explorer -- this time every version is affected.

Along with the two critical IE items, there will also be eight bulletins designated "important." They include RCE, denial of service, spoofing, information disclosure and elevation of privilege flaws in Windows, Lync, Office, Windows Essentials and .NET Framework.

Look for the specifics on the flaws to arrive on Tuesday morning coupled with the patch.  

 

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Phishing Tops Concerns in Microsoft Study of Remote Work

    Potential phishing attacks were a top concern of most IT security professionals when organizations switched to remote-work conditions early last year.

  • How To Configure Windows 10 for Intel Optane Memory

    Intel's Optane memory technology can significantly improve the performance of your Windows 10 system -- provided you enable it correctly. A single mistake can render the system unbootable. Here's how to do it the right way.

  • Microsoft and SAP Enhance Partnership with Teams Integration

    Microsoft and SAP this week described continuing partnership efforts on Microsoft Azure, while also planning a Microsoft Teams integration with SAP's enterprise resource planning product and other solutions.

  • Blue Squares Graphic

    Microsoft Previews Azure IoT Edge for Linux on Windows

    Microsoft announced a preview of Azure IoT Edge for Linux on Windows, which lets organizations tap Linux virtual machine processes that also work with Windows- and Azure-based processes and services.

comments powered by Disqus