Microsoft issues security advisory on IE8 zero-day exploit

security alert

Microsoft issues security advisory on IE8 zero-day exploit

Warwick Ashford

Microsoft has published a security advisory about an exploit for zero-day vulnerability (CVE-2013-1347) in Internet Explorer 8.

The exploit is in active use in the wild and a Metasploit module has been made available for the zero-day vulnerability, according to Wolfgang Kandek, CTO at security firm Qualys.

“This will make it easier to convince IT management of the robustness and applicability of the exploit,” he wrote in a blog post.  

FireEye and Invincea have shown in two blog posts that even a fully patched Internet Explorer 8 is vulnerable to attack, making the attack a legitimate zero-day.

Microsoft recommends installing its free enhanced mitigation experience toolkit (Emet) to mitigate the vulnerability, or disabling active scripting.

Emet, first released for public use in September 2010, gives enterprises the means to protect against unknown vulnerabilities and brings newer security protections to older platforms and applications, both Microsoft and non-Microsoft.

Alternatively, Kandek said organisations can upgrade to Internet Explorer 9, which is not affected by the vulnerability.

With Microsoft’s monthly Patch Tuesday security update just a week away, Kandek said it is unlikely that a patch for the vulnerability will be ready on time.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy