Microsoft kinda fixes IE 8 security hole
Last week, Microsoft's Internet Explorer made news, but not in the way the company should like. The "browser you loved to hate" becomes the target of a zero-day security flaw, which already is being actively exploited. Version 8 of the browser, which runs on all iterations of Windows going back to XP, is the target. Windows 8 customers are safe, as the latest operating system ships with IE 10.
The flaw allows an unauthenticated remote attacker to exploit this vulnerability and execute arbitrary code on a targeted system with the privileges of a targeted user. If the user holds elevated privileges, the attacker could completely compromise the computer targeted.
Microsoft initially issued an advisory, but now takes the much needed extra step of releasing a "Fix it". This is more a temporary stop-gap than a real resolution for the flaw, but for the moment this is the only solution. Microsoft stresses that "CVE-2013-1347 MSHTML Shim Workaround" is "not intended to be a replacement for any security update". This Fix It can also be disabled if for some reason you have an issue with it.
The best solution is move to Internet Explorer 10, which now is available on Windows 7. For now, if you must use IE 8, install the hotfix and wait for Microsoft to release a more complete solution.
Photo Credit: dedMazay/Shutterstock