SMART Blog

Smart Services has been providing independent agents with proactive, fast, and expert technology services since 1991.

Internet Explorer 8 Zero-Day Vulnerability Found, but Not Patched

b2ap3_thumbnail_vulnerability_microsoft_400.jpgWith the world still on edge about the recent vulnerability found in most versions of Internet Explorer, another one has been discovered, this time in Internet Explorer 8. This bug allows a hacker to execute malicious code when a user opens an infected email or webpage.

However, this vulnerability is different than the one previously discovered and patched (even for Windows XP), in that Microsoft hasn't issued a patch for this one.

The bug was discovered in October 2013 by HP's Zero-Day Initiative (ZDI), which rewards individuals for locating and reporting bugs and vulnerabilities. The policy put into place by ZDI is that it handles the disclosure of the threat to the vendor, and then keeps quiet for 180 days, providing the company ample time to provide a patch for the issue.

However, it seems like 180 days wasn't enough this time. Microsoft confirmed the bug existed in February, but hasn't included a patch for the flaw in any of the Patch Tuesdays since.

Internet Explorer 8 was the newest version to be compatible with the recently cut-off Windows operating system, Windows XP. It is also used on Windows Vista and Windows 7, as well as Windows Server 2003, 2008, and 2008 R2.

According to ZDNet, Microsoft hasn't been able to locate any attacks exploiting the vulnerability at this time. ZDI's technicians have described how the bug works: "By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process."

All that this series of vulnerabilities indicates is an increasing need for Internet security and monitoring. As a business owner, you need more than just vigilance and good faith to keep your company's clients protected. SMART Services can provide your business with that.

We won't wait 180 days to inform you that there is a vulnerability in your system, or that it has been exploited. We'll monitor your system and keep it as safe as possible from virtual attacks. Whether they happen or not, you can rest easy knowing that your system is in good hands. Call SMART Services today at 586 258-0650 and we'll discuss ways you can combat this new string of vulnerabilities.

Save Money and Go Green with These Printing Tips!
Don’t Stoke the Flames – Build a Firewall
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Monday, December 23 2024

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Blog Archive

2012
February
March
April
May
June
July
August
September
October
November
December
2011
January
February
March
April
May
July
August
September
October
December

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name *