Security Advisor

Microsoft Releases IE 8 'Fix It' Ahead of May Security Update

The temporary fix looks to get a permanent solution with this month's Microsoft patch.

Microsoft yesterday updated Security Advisory 284710, a remote code execution (RCE) flaw in Internet Explorer 8 with a "Fix it."

The flaw, which does not affect any other Internet Explorer version, could allow an attacker to inject malware into a system that visits a malicious Web site.

"The Fix it is an effort to help protect as many customers as possible, as quickly as possible," said Dustin Childs at Microsoft. "We continue to work on a security update to address this issue and we're closely monitoring the threat landscape."

Coming less than a week before Microsoft's monthly patch rollout, the Fix it was issued after the flaw has already been seen being exploited in the wild. The flaw is believed to be used in an incident last week in which the U.S. Department of Labor  hacked and those visiting the government site in IE 8 were infected with malware.

While applying the one-click Fix it should protect the vulnerability from being exploited, it appears Microsoft will release a permanent fix in Tuesday's May security update, which looks to be a lighter month when it comes to the number of "critical" bulletins

The IE 8 fix is only one of two critical items. Which means those that have completely upgraded away from IE 8 will only have one critical bulletin to deal with. However, it's also a RCE fix for Internet Explorer -- this time every version is affected.

Along with the two critical IE items, there will also be eight bulletins designated "important." They include RCE, denial of service, spoofing, information disclosure and elevation of privilege flaws in Windows, Lync, Office, Windows Essentials and .NET Framework.

Look for the specifics on the flaws to arrive on Tuesday morning coupled with the patch.  

 

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • RAMBleed Side-Channel Attack Method Disclosed by Researchers

    Academic researchers this week published information about another side-channel attack method, called "RAMBleed," that can expose information from memory chips, including encryption key information.

  • Penguin

    Windows 10 Preview Build 18917 Shows Off New Linux Integration

    Microsoft's latest Windows 10 "fast-ring" preview release is showcasing a coming Delivery Optimization enhancement, along with the ability to try the newly emerged Windows Subsystem for Linux version 2.

  • Customizing Microsoft Office 365

    While the overall look and feel of Office 365 is pretty standard across organizations, there are several ways to personalize it and make it fit better with your company's specific needs.

  • Microsoft 365 Business Tenants Getting Conditional Access and Trouble-Ticket Features

    Microsoft added its conditional access security service to Microsoft 365 Business subscriptions, according to a Wednesday announcement, and it also added new trouble-ticket features for Microsoft 365 administrators.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.