Microsoft Confirms IE Flaw, Releases Workaround

The company says that a one-click Fix it tool would be released soon

By Bogdan Popa on December 30th, 2012 10:01 GMT

Hackers have recently found a bug in Internet Explorer 8 that would allow them to deploy malicious software on a vulnerable computer, but Microsoft reacted pretty fast and issued a workaround to help users stay on the safe side.

The Redmond-based technology company said in a security advisory that IE9 and IE10 are not affected by the flaw and issued a few instructions on how to configure the browser in order to avoid getting hacked.

Here are Microsoft’s recommendations for those still using Internet Explorer 8 or older:

• Set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
• Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones
• Deploy the Enhanced Mitigation Experience Toolkit (EMET)

In addition, the company has confirmed that a one-click Fix it patch is also in the works, so it could be released in the next few days.

“In a web-based attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability,” the company said in a security advisory.

“In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website.”

Interestingly, the issue only affects Internet Explorer 8 and older versions which are usually found on Windows XP, the 11-year-old OS that Microsoft struggles to kill in order to move consumers to a newer Windows release.

The company would stop providing support for Windows XP in April 2014, so it encourages users once again to make to switch to a newer operating system.
IE10 is not affected by the flaw, says Microsoft
   IE10 is not affected by the flaw, says Microsoft
MORE ON THIS TOPIC
LATEST NEWS
HOT RIGHT NOW

1 Comment