24/7 Service, Same Day Diagnostics

What's Trending

Our Latest Tweets

Microsoft plans eventual patch for longstanding exploit

This last week, researchers from ZDI released information about a seven month-old Internet Explorer 8 vulnerability.


Microsoft announced late last week that the longstanding critical vulnerability in will be patched eventually. The company has known about the exploit in its Internet Explorer 8 browser for nearly seven months, but has no plans to issue an update to repair the problem in the near future.

The vulnerability

The IE 8 vulnerability became news after researchers from the Zero Day Initiative (ZDI), a security research group within Hewlett-Packard, released details about the exploit after waiting months for Microsoft to acknowledge the issue. In most situations, ZDI withholds key information about newly found exploits to protect the public from malicious users who have yet to discover the vulnerability and only releases this information in the even that a publisher ignores the warning or does nothing to rectify the problem.

The exploit is a "use-after-free" flaw and deals with how IE 8 handles CMarkup objects. In order to exploit the flaw, an attacker would only need to induce the user to visit a website designed with malicious code. If the lure is successful, the attackers would be given the same rights as the user on the vulnerable computer. This would give the hackers the ability to run nearly any arbitrary code.

How to protect yourself

In the advisory, the researchers at ZDI provided a recommendation to users who still actively use the Internet Explorer 8 browser.

First, users must set Internet security zones settings for the IE 8 browser to High. This setting can be found in the Security tab of IE 8's Internet Options. To make the change, move the slider up until the setting shows High. Making this change will block ActiveX controls and also Active Scripting.

The researchers also suggested installing the Enhanced Mitigation Experience Toolkit (EMET) as well, believing that this will also provide more defense in the face of the un-patched vulnerability.

Request Help
Call for Immediate Assistance
24 Hour Service Expert Hotline
Alternatively, you can also fill out
a request help form online
Submit Help Request
Article Search
Secured & Certified


We are