News

Microsoft leaves serious flaw in Internet Explorer unpatched for 8 months

By admin
Spread the love

It turns out that a serious leak in Internet Explorer 8 was discovered months ago that has not yet been fixed. The vulnerability was disclosed by the Zero Day Initiative, which says the vulnerability allows remote code execution with the privileges of the logged-in user.

Microsoft was notified of the vulnerability by security firm TippingPoint in October 2013, but has not yet patched it. Earlier this month, the Zero Day Initiative informed the group that it would start publishing, which has since happened. ZDI’s policy is to release details about vulnerabilities if they are not fixed within 180 days.

The vulnerability can be exploited by malicious parties through self-created or acquired websites. The abuse can lead to the execution of code with the rights of the logged in user, which in the worst case can lead to complete takeover of a system. Internet Explorer 8 is available for Windows XP, Windows Vista, and Windows 7.

In any case, there will be no more patch for the former. It is not clear why Microsoft has not released a patch for the other Windows versions. “Some fixes are more complex than others,” the company told Cnet. There are no known instances of actual exploitation of the vulnerability at the company.

You might also like
News

Blizzard will release certain games via Steam, starting with Overwatch 2

News

Microsoft and Activision Blizzard postpone acquisition deadline until October

News

Microsoft announces Bing Chat Enterprise and Copilot pricing for businesses

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

‘Microsoft wants to postpone deadline for Activision Blizzard…

News

Rumor: EU starts investigation into Microsoft for including Teams with Office