With the world still on edge about the recent vulnerability found in most versions of Internet Explorer, another one has been discovered, this time in Internet Explorer 8. This bug allows a hacker to execute malicious code when a user opens an infected email or webpage.
However, this vulnerability is different than the one previously discovered and patched (even for Windows XP), in that Microsoft hasn’t issued a patch for this one.
The bug was discovered in October 2013 by HP’s Zero-Day Initiative (ZDI), which rewards individuals for locating and reporting bugs and vulnerabilities. The policy put into place by ZDI is that it handles the disclosure of the threat to the vendor, and then keeps quiet for 180 days, providing the company ample time to provide a patch for the issue.
However, it seems like 180 days wasn’t enough this time. Microsoft confirmed the bug existed in February, but hasn’t included a patch for the flaw in any of the Patch Tuesdays since.
Internet Explorer 8 was the newest version to be compatible with the recently cut-off Windows operating system, Windows XP. It is also used on Windows Vista and Windows 7, as well as Windows Server 2003, 2008, and 2008 R2.
According to ZDNet, Microsoft hasn’t been able to locate any attacks exploiting the vulnerability at this time. ZDI’s technicians have described how the bug works: “By manipulating a document’s elements an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process.”
All that this series of vulnerabilities indicates is an increasing need for Internet security and monitoring. As a business owner, you need more than just vigilance and good faith to keep your company’s clients protected. 4it can provide your business with that.
We won’t wait 180 days to inform you that there is a vulnerability in your system, or that it has been exploited. We’ll monitor your system and keep it as safe as possible from virtual attacks. Whether they happen or not, you can rest easy knowing that your system is in good hands. Call 4it today at (305) 278-7100 and we’ll discuss ways you can combat this new string of vulnerabilities.