Security Advisor

Microsoft Releases IE 8 'Fix It' Ahead of May Security Update

The temporary fix looks to get a permanent solution with this month's Microsoft patch.

Microsoft yesterday updated Security Advisory 284710, a remote code execution (RCE) flaw in Internet Explorer 8 with a "Fix it."

The flaw, which does not affect any other Internet Explorer version, could allow an attacker to inject malware into a system that visits a malicious Web site.

"The Fix it is an effort to help protect as many customers as possible, as quickly as possible," said Dustin Childs at Microsoft. "We continue to work on a security update to address this issue and we're closely monitoring the threat landscape."

Coming less than a week before Microsoft's monthly patch rollout, the Fix it was issued after the flaw has already been seen being exploited in the wild. The flaw is believed to be used in an incident last week in which the U.S. Department of Labor  hacked and those visiting the government site in IE 8 were infected with malware.

While applying the one-click Fix it should protect the vulnerability from being exploited, it appears Microsoft will release a permanent fix in Tuesday's May security update, which looks to be a lighter month when it comes to the number of "critical" bulletins

The IE 8 fix is only one of two critical items. Which means those that have completely upgraded away from IE 8 will only have one critical bulletin to deal with. However, it's also a RCE fix for Internet Explorer -- this time every version is affected.

Along with the two critical IE items, there will also be eight bulletins designated "important." They include RCE, denial of service, spoofing, information disclosure and elevation of privilege flaws in Windows, Lync, Office, Windows Essentials and .NET Framework.

Look for the specifics on the flaws to arrive on Tuesday morning coupled with the patch.  

 

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • First Chromium-Based Edge Browser Beta Release Now Available

    Microsoft Edge Insider Program participants now have access to the Beta Channel release of Microsoft's Chromium-based Edge Web browser on the Windows and Mac platforms.

  • Microsoft Planning To Answer Windows Virtual Desktop Questions Next Week

    Microsoft has set aside time to answer questions about its emerging Windows Virtual Desktop service on Wednesday of next week, according to an announcement.

  • With EPYC Rome Chips, AMD Could Eclipse Intel in Datacenter

    AMD's high-profile EPYC 7002 launch has datacenter analysts wondering if the end of Intel's long reign is nigh.

  • Microsoft Buys jClarity for Azure-Based Java Workloads

    In a bid to support its "continued contributions to open source while driving increased performance for Java workloads on Azure," Microsoft on Monday announced its acquisition of jClarity.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.