Microsoft Releases IE 8 'Fix It' Ahead of May Security Update
The temporary fix looks to get a permanent solution with this month's Microsoft patch.
Microsoft yesterday updated Security Advisory 284710, a remote code execution (RCE) flaw in Internet Explorer 8 with a "Fix it."
The flaw, which does not affect any other Internet Explorer version, could allow an attacker to inject malware into a system that visits a malicious Web site.
"The Fix it is an effort to help protect as many customers as possible, as quickly as possible," said Dustin Childs at Microsoft. "We continue to work on a security update to address this issue and we're closely monitoring the threat landscape."
Coming less than a week before Microsoft's monthly patch rollout, the Fix it was issued after the flaw has already been seen being exploited in the wild. The flaw is believed to be used in an incident last week in which the U.S. Department of Labor hacked and those visiting the government site in IE 8 were infected with malware.
While applying the one-click Fix it should protect the vulnerability from being exploited, it appears Microsoft will release a permanent fix in Tuesday's May security update, which looks to be a lighter month when it comes to the number of "critical" bulletins
The IE 8 fix is only one of two critical items. Which means those that have completely upgraded away from IE 8 will only have one critical bulletin to deal with. However, it's also a RCE fix for Internet Explorer -- this time every version is affected.
Along with the two critical IE items, there will also be eight bulletins designated "important." They include RCE, denial of service, spoofing, information disclosure and elevation of privilege flaws in Windows, Lync, Office, Windows Essentials and .NET Framework.
Look for the specifics on the flaws to arrive on Tuesday morning coupled with the patch.