Microsoft issues emergency Fix-It tool for IE 8 zero-day vulnerability being exploited in the wild

ToolboxEarlier this month, Microsoft issued an advisory about what appeared to be a remote code execution vulnerability in Internet Explorer 8, that was being actively exploited in the wild by malicious hackers.

The vulnerability, known as CVE-​2013-​1347, was exploited by hackers in a hack on the US Department of Labor’s website, that infected visiting computers if they were running the vulnerable version of Internet Explorer.

There were also reports that the vulnerability was being exploited by online criminals in other attacks, increasing the necessity for Microsoft to patch its software.

Well, Microsoft still hasn’t released a patch – but if has issued what it describes as “an easy, one-click Fix it tool” that concerned users and companies can run on computers which use Internet Explorer 8.

Sign up to our free newsletter.
Security news, advice, and tips.

Download and read more about the Fix It tool from Microsoft.

Note, however, that a Fix It tool to address known attack vectors that leverage the vulnerability is no replacement for a proper security patch.

Hopefully Microsoft will roll out a security update for the vulnerability before too many computer users are put at risk.

Please note that Internet Explorer 6, 7, 9 and 10 are not affected by this vulnerability – this seems to be purely an IE 8 security problem.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Microsoft issues emergency Fix-It tool for IE 8 zero-day vulnerability being exploited in the wild”

  1. Alejandro

    29th October 2010Firefox has now been patched and it's no loengr vulnerable to this attack. If you have not done so make sure Firefox has its latest updates applied.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.