With the world still on edge about the recent vulnerability found in most versions of Internet Explorer, another one has been discovered, this time in Internet Explorer 8. This bug allows a hacker to execute malicious code when a user opens an infected email or webpage.

However, this vulnerability is different than the one previously discovered and patched (even for Windows XP), in that Microsoft hasn’t issued a patch for this one.

The bug was discovered in October 2013 by HP’s Zero-Day Initiative (ZDI), which rewards individuals for locating and reporting bugs and vulnerabilities. The policy put into place by ZDI is that it handles the disclosure of the threat to the vendor, and then keeps quiet for 180 days, providing the company ample time to provide a patch for the issue.

However, it seems like 180 days wasn’t enough this time. Microsoft confirmed the bug existed in February, but hasn’t included a patch for the flaw in any of the Patch Tuesdays since.

Internet Explorer 8 was the newest version to be compatible with the recently cut-off Windows operating system, Windows XP. It is also used on Windows Vista and Windows 7, as well as Windows Server 2003, 2008, and 2008 R2.

According to ZDNet, Microsoft hasn’t been able to locate any attacks exploiting the vulnerability at this time. ZDI’s technicians have described how the bug works: “By manipulating a document’s elements an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process.”

All that this series of vulnerabilities indicates is an increasing need for Internet security and monitoring. As a business owner, you need more than just vigilance and good faith to keep your company’s clients protected. 4it can provide your business with that.

We won’t wait 180 days to inform you that there is a vulnerability in your system, or that it has been exploited. We’ll monitor your system and keep it as safe as possible from virtual attacks. Whether they happen or not, you can rest easy knowing that your system is in good hands. Call 4it today at (305) 278-7100 and we’ll discuss ways you can combat this new string of vulnerabilities.

4it Tech Insights

The art of detection

Although 2020 will certainly forever be known as the year of COVID-19, I think it would be fair to say that 2020 has also been the year of cloud computing.

Read More
NIST Data Security

How Does NIST Help Your Data Security?

As often as you hear about data breaches in news reports, data security is a priority for your business. You know you need several layers of security to protect your data, but it’s hard to know where to start and it’s confusing to know what to protect.

Read More

We use cookies to gather information about the way you interact with our website, to create reports, and overall help us in improving the website. To learn more about our cookie policy, view our Privacy Policy. By clicking “Accept & Close”, you consent to the use of cookies unless you have disabled them.