Microsoft releases Hotfix for Internet Explorer 8 security vulnerability

Martin Brinkmann
May 9, 2013
Updated • Jun 23, 2019
Internet Explorer
|
4

A security bug in Microsoft's Internet Explorer 8 web browser was confirmed by the company on Friday in a security advisory.

Reports of attacks began to appear two days earlier when security firm Invincea reported that attacks were carried out against the US Department of Labor and Department of Energy exploiting a new vulnerability in the Internet browser. Another security company, FireEye confirmed the report.

Update: The hotfix is no longer available as it is no longer needed. End

Microsoft's updated security advisory offers information about the type of vulnerability in Internet Explorer 8:

The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

Only Internet Explorer 8 is affected by the vulnerability. While that may not look like a big issue, considering that Microsoft released two newer versions of the web browser in recent time, it is quite problematic as it is the version that most Windows XP users have installed on their systems since Internet Explorer 9 and 10 are not available for the operating system. Windows Vista and Windows 7 users who have not updated the web browser yet, and systems running Windows Server 2003 to 2008 R2 may also be affected. Basically, if Internet Explorer 8 is installed on the system it is vulnerable.

Microsoft did release mitigating factors to protect systems running Internet Explorer 8 against the vulnerability. One of them suggested the use of the excellent Enhanced Mitigation Experience Toolkit which blocks popular exploits from being carried out on computer systems.

fix it internet explorer 8 vulnerability

Yesterday evening, a hotfix was released that resolves the security vulnerability on affected systems. It is provided as a Fix-It that you can download and run to resolve the issue. Microsoft is making available two downloads, one to enable the fix, the other to restore the system and disable it again.

The program throws an error if Internet Explorer 8 is not installed on the system. It is recommended that the patch is applied immediately on all systems running Internet Explorer 8.

Summary
Microsoft releases Hotfix for Internet Explorer 8 security vulnerability
Article Name
Microsoft releases Hotfix for Internet Explorer 8 security vulnerability
Description
Microsoft releases a hotfix for a security vulnerability in Internet Explorer 8 that was exploited in the wild in 2013.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. ProcessHacker said on May 11, 2013 at 2:41 am
    Reply

    Microsoft needs a switch that turns that god damned browser off completely, no dll backends, no network connections, One Click, it’s off, one click it’s on.

    I am sick of having to slide those sliders up hit save, open browser, hit default settings over and over and over and over. And then still the backend dll’s can access the web. iExplorer is a security pile of donkey nose puss. It wastes productivity time clicking the settings constantly. Scripting the settings is hit or miss unless your a freaking guru, I know, I tried. I can script windows power saver settings from the command line, but IE… no joy.

    And what’s with updates that cripple fonts! Now I have to REFUSE that update to get WORK done.

    Microsoft is a disaster, everything they are doing they need to do the OPPOSITE. Bring the Start Button back, get rid of “ecosystem mindset” apps.

    I ain’t going to live in their ecosystem, it’s crap, you can’t get work done, and with all the spying, frankly I am ready to stop paying to be spied on. e.g. turn off my ISP, domains, website hosting, eBay, Paypall, Amazon. Forget it all, who needs it with this police state crap?

  2. ilev said on May 9, 2013 at 10:27 am
    Reply

    Microsoft has fixed yet security hole in IE10/Windows 8 hacked during Pwn2Own 2 months ago.

  3. Transcontinental said on May 9, 2013 at 9:41 am
    Reply

    Thanks, Martin. It’s really appreciable — and appreciated — to have these latest security issues and fixes in real-time.
    IE is not my default browser, but IE here is version 8, and life is so strange sometimes that one could catch the bad for a one-time exception … :)
    Patched with hot-fix.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.