View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Microsoft fails to patch latest Internet Explorer 8 zero-day exploit

HP’s Zero Day Initiative publishes IE8 flaw details without fix available.

By Joe Curtis

Microsoft has failed to fix an Internet Explorer vulnerability that could give hackers control of people’s computers before details of it went online.

The zero-day exploit – details of which are now on the web – means hackers can use phishing attacks to lure PC users to a malicious website that would effectively let hackers take over the victims’ computers.

Microsoft was made aware of the flaw in October after a Belgian researcher, Peter Van Eeckhoutte, discovered it.

But it did not fix the weakness before details of the flaw were made public by HP’s Zero Day Initiative (ZDI) yesterday.

ZDI’s disclosure read: "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

"An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."

ZDI said the issue exists within the handling of CMarkup objects, and clarified that it had notified Microsoft on May 8 of its intention to publish details of the exploit.

Content from our partners
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester
Infosecurity Europe 2024: Rethink the power of infosecurity

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.