Microsoft Zero Day IE8 Flaw: Patch Coming Tuesday

Dennis Faas

Microsoft's next Patch Tuesday fix will solve a reported twelve security flaws, none more important than an Internet Explorer 8 vulnerability that the software company itself has marked "critical", its highest threat level.

The next Patch Tuesday release is set for December 8, and the fixes it includes patch holes in several versions of Windows, including Windows 2000, XP, Vista, and finally Windows 7. Fixes are also due for Server 2003 and 2008. The fixes will also cover a number of Microsoft's most popular software packages, including Microsoft Office and its subsidiary programs Word, Works 8.5, and Project.

Zero-Day Flaw Could Result in Remote Hijacking

Three of the fixes due next Tuesday have been marked "critical." None has received more media infamy in recent weeks than a zero-day Internet Explorer 8 flaw that, under the right conditions, could allow a hacker to unleash malware on a user's system from a remote location.

That malware could in turn allow the hacker to take control of the victim PC, giving them the ability to snag login information, passwords, or even credit card and other financial data.

MS Security Bulletin Published November 23rd

Microsoft first admitted the issue existed in an advisory bulletin back on November 23. Here's a snippet of that advisory:

"The vulnerability exists as an invalid pointer reference of Internet Explorer. It is possible under certain conditions for a CSS/Style object to be accessed after the object is deleted. In a specially-crafted attack, Internet Explorer attempting to access a freed object can lead to running attacker-supplied code." (Source: cnet.com)

MS Recommends Users Tighten Security

In a statement, Microsoft acknowledged that the issue is a serious one and that demands for a fix have been received loud and clear. "We know that customers are concerned about this issue and we are also aware that proof of concept code is available publicly," the company said. (Source: crn.com)

Until Tuesday, Microsoft is advising users of Internet Explorer 8 to enable their firewalls, apply all applicable operating system and browser updates/patches, and keep their antivirus software up-to-date. Of course, users should also be careful not to venture to unfamiliar web pages or open strange and suspicious emails.
