fbpx
Friday Apr 19th, 2024

Don’t wait any longer. Get started today!

demo

ScheduleA Meeting

 
 

Directive Blogs

Directive has been serving the Oneonta area since 1993, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Categories
Tags
Categories:   All Categories
Suggested keywords
x
  Print

Internet Explorer 8 Zero-Day Vulnerability Found, but Not Patched

b2ap3_thumbnail_vulnerability_microsoft_400.jpgWith the world still on edge about the recent vulnerability found in most versions of Internet Explorer, another one has been discovered, this time in Internet Explorer 8. This bug allows a hacker to execute malicious code when a user opens an infected email or webpage.

However, this vulnerability is different than the one previously discovered and patched (even for Windows XP), in that Microsoft hasn't issued a patch for this one.

The bug was discovered in October 2013 by HP's Zero-Day Initiative (ZDI), which rewards individuals for locating and reporting bugs and vulnerabilities. The policy put into place by ZDI is that it handles the disclosure of the threat to the vendor, and then keeps quiet for 180 days, providing the company ample time to provide a patch for the issue.

However, it seems like 180 days wasn't enough this time. Microsoft confirmed the bug existed in February, but hasn't included a patch for the flaw in any of the Patch Tuesdays since.

Internet Explorer 8 was the newest version to be compatible with the recently cut-off Windows operating system, Windows XP. It is also used on Windows Vista and Windows 7, as well as Windows Server 2003, 2008, and 2008 R2.

According to ZDNet, Microsoft hasn't been able to locate any attacks exploiting the vulnerability at this time. ZDI's technicians have described how the bug works: "By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process."

All that this series of vulnerabilities indicates is an increasing need for Internet security and monitoring. As a business owner, you need more than just vigilance and good faith to keep your company's clients protected. Directive can provide your business with that.

We won't wait 180 days to inform you that there is a vulnerability in your system, or that it has been exploited. We'll monitor your system and keep it as safe as possible from virtual attacks. Whether they happen or not, you can rest easy knowing that your system is in good hands. Call Directive today at 607.433.2200 and we'll discuss ways you can combat this new string of vulnerabilities.

About the author

Chris Chase

Chris Chase

Chris is a hopeless Technology Fanatic, an Inbound & Outbound Marketing Expert as well as a Senior IT Advisor, Web, Graphics & Software Designer. When he's not running Directive and JoomConnect he's probably sharpening his skills as an Amateur Photographer and Filmmaker. Chris lives with his wife Charlotte and their 2 sons in Upstate NY. Visit his photography site at www.directivestudios.com.

Author's recent posts

More posts from author