The IE 8 vulnerability became news after researchers from the Zero Day Initiative (ZDI), a security research group within Hewlett-Packard, released details about the exploit after waiting months for Microsoft to acknowledge the issue. In most situations, ZDI withholds key information about newly found exploits to protect the public from malicious users who have yet to discover the vulnerability. It releases this information only in the event that a publisher ignores the warning or does nothing to rectify the problem.
The vulnerability is a "use-after-free" flaw in how IE 8 handles CMarkup objects. To exploit the flaw, an attacker would only need to induce the user to visit a website designed with malicious code. If the lure is successful, the attacker would gain the same rights as the user on the vulnerable computer. This would give the attacker the ability to run nearly any arbitrary code.
How to protect yourself
In the advisory, the researchers at ZDI provided a recommendation to users who still actively use the Internet Explorer 8 browser.
First, users must set the Internet security zone setting for the IE 8 browser to High. This setting can be found in the Security tab of IE 8's Internet Options. To make the change, move the slider up until the setting shows High. Making this change will block ActiveX controls and Active Scripting.
The researchers also suggested installing the Enhanced Mitigation Experience Toolkit (EMET), believing that this will provide more defense in the face of the unpatched vulnerability.
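To confirm that the High setting described above actually took effect, the registry values behind the slider can be checked. The following PowerShell script is an added example, not part of the ZDI advisory; it assumes the standard Internet zone registry layout (zone 3, URL actions 1200 and 1400) and, as a simplification, treats the first policy or user key that defines a value as the effective one.

```powershell
# Added example: audit the Internet zone (zone 3) against the High setting.
# Policy keys are checked first; the first key that defines a value wins
# (a simplification of how IE resolves zone settings).
$ZoneKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
)
$HighLevel = 0x12000          # CurrentLevel written by the "High" slider position
$Disabled  = 3                # URL action value: 0 = enable, 1 = prompt, 3 = disable
$Actions   = @{
    '1200' = 'Run ActiveX controls and plug-ins'
    '1400' = 'Active scripting'
}

function Get-ZoneValue([string]$Name) {
    # Return the value and the key it came from, or $null if no key defines it.
    foreach ($key in $ZoneKeys) {
        $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return New-Object PSObject -Property @{ Value = $item.$Name; Source = $key }
        }
    }
    return $null
}

function Test-InternetZoneHardening {
    # Collect one finding per setting that does not match the High template.
    $findings = @()
    $level = Get-ZoneValue 'CurrentLevel'
    if ($null -eq $level) {
        $findings += 'CurrentLevel is not set for the Internet zone'
    } elseif ($level.Value -ne $HighLevel) {
        $findings += ('Zone level is 0x{0:X}, expected 0x{1:X} (High)' -f $level.Value, $HighLevel)
    }
    foreach ($id in $Actions.Keys) {
        $v = Get-ZoneValue $id
        if ($null -eq $v) {
            $findings += ('{0} ({1}): no value found' -f $Actions[$id], $id)
        } elseif ($v.Value -ne $Disabled) {
            $findings += ('{0} ({1}) = {2} in {3}, expected 3 (disable)' -f $Actions[$id], $id, $v.Value, $v.Source)
        }
    }
    return ,$findings
}

$result = Test-InternetZoneHardening
if ($result.Count -eq 0) { 'Internet zone matches the High setting.' } else { $result | ForEach-Object { "FINDING: $_" } }
```

The script only reads the registry, so it can be run per user at logon or across a fleet to find machines where the mitigation has not been applied.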