Microsoft issues security advisory on IE8 zero-day exploit

security alert

Microsoft issues security advisory on IE8 zero-day exploit

Warwick Ashford

Microsoft has published a security advisory about an exploit for zero-day vulnerability (CVE-2013-1347) in Internet Explorer 8.

The exploit is in active use in the wild and a Metasploit module has been made available for the zero-day vulnerability, according to Wolfgang Kandek, CTO at security firm Qualys.

“This will make it easier to convince IT management of the robustness and applicability of the exploit,” he wrote in a blog post.  

FireEye and Invincea have shown in two blog posts that even a fully patched Internet Explorer 8 is vulnerable to attack, making the attack a legitimate zero-day.

Microsoft recommends installing its free enhanced mitigation experience toolkit (Emet) to mitigate the vulnerability, or disabling active scripting.

Emet, first released for public use in September 2010, gives enterprises the means to protect against unknown vulnerabilities and brings newer security protections to older platforms and applications, both Microsoft and non-Microsoft.

Alternatively, Kandek said organisations can upgrade to Internet Explorer 9, which is not affected by the vulnerability.

With Microsoft’s monthly Patch Tuesday security update just a week away, Kandek said it is unlikely that a patch for the vulnerability will be ready on time.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy