Microsoft confirms exploit in Internet Explorer 8May 5, 2013 – 3:49 PM
Internet Explorer 8 is still the most-used version of Microsoft’s web browser family, according to data from Net Applications. Late Friday, Microsoft posted word that it had discovered an exploit in the browser but noted the issue issue does not appear to affect any other versions.
Microsoft’s Security blog states the exploit could in theory be used to allow for a “remote code execution if users browse to a malicious website with an affected browser.” Computerworld.com reports that the issue was first identified by the security firm Invincea and has already been used by hackers in attacks directed against the U.S. Department of Labor and U.S. Department of Energy.
People still using IE8 can simply upgrade to a more recent version of the browser to avoid this exploit.
Microsoft is working to create a patch for IE8 that will close this exploit. If users don’t wish to upgrade their browsers, Microsoft says some workarounds might help stop the issue. One is to set Internet and local intranet security zone settings to high, and the other is to set up IE8 to prompt users before running any Active Script type of program or to simply disable Active Scripting entirely.