Microsoft to fix IE8 zero-day flaw on Patch Tuesday
By Stewart Mitchell
Posted on 10 May 2013 at 11:53
Microsoft's May Patch Tuesday will include a fix for a recently discovered zero-day flaw in Internet Explorer 8 that has been used to attack several high-profile targets.
The company said it would fix 33 unique vulnerabilities in two critical bulletins and eight updates rated 'important', and has rushed out a patch for a hole that was first seen last week being used by hackers targeting US government workers.
"The Critical-rated bulletins address issues in Microsoft Windows and Internet Explorer," said Dustin Childs, group manager for Microsoft Trustworthy Computing in a blog post.
"Of note, we are working to have the Internet Explorer Security Update address the issue described in Security Advisory 2847140, supplementing the currently available Fix it."
The vulnerability allows attackers to run code on target machines, with the aim of extracting account details or confidential data.
The vulnerability had previously been addressed in a workaround yesterday, but given the way it was being exploited – with attacks reported on the US Department of Labor and European aerospace and nuclear researchers – the patch has been prioritised.
At least four of the patches require a restart, Microsoft said.
According to experts, the fix for the IE8 zero day weakness should top your to-do list.
"Bulletin 2 is for the recent IE8 zero-day and should be on the top of your list if you are on IE8, which, according to our BrowserCheck statistics, still accounts for about 43% of [IE] users,” said security firm Qualys.
"Bulletin 1 is also for IE and affects all versions from 6 to 10 on all Windows operating systems from XP to 8, and including RT. It includes the patches for the vulnerabilities discovered at the Pwn2Own competition at CanSecWest in March of this year."
Is your business a social business? For helpful info and tips visit our hub.
- Windows 8.2: release date, features and free cloud version
- iPad sales stall as owners "too happy to upgrade"
- iPhone 6 features, specs and UK release date: when does the iPhone 6 launch?
- Piracy warning letters: four strikes and you're not out
- iWatch UK release date, specs and price rumours: when is the iWatch coming to the UK?
- How Google Glass ruined my lunch hour
- Smartphone battery packs: can a USB power pack beat the festival battery blues?
- Windows Easy Transfer – not so "easy" in Windows 8.1
- Formula 1: what a difference virtualisation makes
- Office of the future: comfy chairs and tablets everywhere
- I went to Glastonbury and the only thing that got high was my smartphone
- Meet the robots helping teach children
- PaperLater: would you pay to print the internet?
- Amazon vs Kobo: how much to make the ebook switch?
- Phishing emails: how I nearly got caught out
- How to add in-app purchasing to an iPhone, Android or Windows app
- Remote-control ransomware: TeamViewer and software hardball
- Why laptops with serial ports matter to the Internet of Things
- Make your mobile battery last longer
- Small steps into handling Big Data
- Nexus 5: does it really run stock Android?
- How to get broadband to a garden office
- How to write your company's IT security policy
- Raspberry Pi and Wolfram: a must-have for every child
- Could you get by with Office Web Apps?