The vulnerability, known as CVE-2013-1347, was exploited by hackers in a hack on the US Department of Labor’s website, that infected visiting computers if they were running the vulnerable version of Internet Explorer.
There were also reports that the vulnerability was being exploited by online criminals in other attacks, increasing the necessity for Microsoft to patch its software.
Well, Microsoft still hasn’t released a patch – but if has issued what it describes as “an easy, one-click Fix it tool” that concerned users and companies can run on computers which use Internet Explorer 8.
Note, however, that a Fix It tool to address known attack vectors that leverage the vulnerability is no replacement for a proper security patch.
Hopefully Microsoft will roll out a security update for the vulnerability before too many computer users are put at risk.
Please note that Internet Explorer 6, 7, 9 and 10 are not affected by this vulnerability – this seems to be purely an IE 8 security problem.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.