Security Advisor

Microsoft Releases IE 8 'Fix It' Ahead of May Security Update

The temporary fix looks to get a permanent solution with this month's Microsoft patch.

Microsoft yesterday updated Security Advisory 284710, a remote code execution (RCE) flaw in Internet Explorer 8 with a "Fix it."

The flaw, which does not affect any other Internet Explorer version, could allow an attacker to inject malware into a system that visits a malicious Web site.

"The Fix it is an effort to help protect as many customers as possible, as quickly as possible," said Dustin Childs at Microsoft. "We continue to work on a security update to address this issue and we're closely monitoring the threat landscape."

Coming less than a week before Microsoft's monthly patch rollout, the Fix it was issued after the flaw has already been seen being exploited in the wild. The flaw is believed to be used in an incident last week in which the U.S. Department of Labor  hacked and those visiting the government site in IE 8 were infected with malware.

While applying the one-click Fix it should protect the vulnerability from being exploited, it appears Microsoft will release a permanent fix in Tuesday's May security update, which looks to be a lighter month when it comes to the number of "critical" bulletins

The IE 8 fix is only one of two critical items. Which means those that have completely upgraded away from IE 8 will only have one critical bulletin to deal with. However, it's also a RCE fix for Internet Explorer -- this time every version is affected.

Along with the two critical IE items, there will also be eight bulletins designated "important." They include RCE, denial of service, spoofing, information disclosure and elevation of privilege flaws in Windows, Lync, Office, Windows Essentials and .NET Framework.

Look for the specifics on the flaws to arrive on Tuesday morning coupled with the patch.  

 

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Microsoft Endpoint Manager Improvements Highlighted at Ignite

    Improvements in the Microsoft Endpoint Manager (MEM) management solution were part of Tuesday's Microsoft Ignite online event.

  • Green City Illustration

    Microsoft Ignite 2020 Reaction, Part 1: A New Normal for Tech Conferences

    Something about Satya Nadella's opening keynote makes Brien wonder if Microsoft thinks we'd all be better off doing everything -- including conferences like Ignite -- remotely, even after the pandemic is over.

  • Microsoft Ignite: Azure Advances Across Five Frontiers

    To kick off the Microsoft Ignite virtual conference, CEO Satya Nadella made a bold claim about the public cloud with the second-largest market share behind Amazon.

  • Microsoft Buying Games Maker ZeniMax Media for $7.5 Billion

    Microsoft is buying ZeniMax Media, parent company of Bethesda Softworks and other game-maker affiliates, for $7.5 billion in cash.

comments powered by Disqus