Microsoft has yet to patch 7-month-old Internet Explorer zero-day vulnerability

Nearly eight months after the security company TippingPoint informed Microsoft of a vulnerability affecting its web browser, Internet Explorer, the company has yet to issue a patch to quash that flaw.

The case was disclosed to Microsoft in October 2013 and was made public on TippingPoint's Zero Day Initiative website on Wednesday. Only Internet Explorer 8, which was launched back in 2009 and came with Windows 7, is affected.

It is still by far the most popular browser in the world according to web analytics company NetMarketShare, with nearly a fifth of the global market, which means that widespread attacks could take place.

Time to move to another browser?

To make matters worse, it is the most recent web browser available from Microsoft for Windows XP, which could pave the way for multi-pronged attacks. "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations", says the description on ZDI's website.

It adds: "User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file." To Microsoft's credit though, it did come back with ways to reduce the risk of an attack.

Setting the Internet security zone to High might help, as might configuring IE to prompt before running Active Scripting and installing Microsoft's Enhanced Mitigation Experience Toolkit.
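
A read-only PowerShell check for the two browser settings named above, added here as an example and not taken from Microsoft's or ZDI's guidance. It assumes the standard IE zone registry layout (zone 3 is the Internet zone, URL action 1400 is Active Scripting) and does not check for EMET.

```powershell
# Added example: audit the IE Internet zone (zone 3) for the two settings
# mentioned in the article. Read-only; it changes nothing.
# Policy keys are listed first because Group Policy overrides user preferences.
$zonePaths = @(
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
)
$HighLevel      = 0x12000                                  # CurrentLevel for the "High" template
$scriptingNames = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }   # values of action 1400

function Get-ZoneValue {
    param([string]$Name)
    # Return the first location that defines the value, or $null if none does.
    foreach ($path in $zonePaths) {
        $item = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
        if ($item -ne $null) {
            return New-Object PSObject -Property @{ Path = $path; Value = [int]$item.$Name }
        }
    }
    return $null
}

$level     = Get-ZoneValue 'CurrentLevel'
$scripting = Get-ZoneValue '1400'

if ($level -eq $null) {
    'Internet zone level : not set in any checked key'
} else {
    $isHigh = ($level.Value -eq $HighLevel)
    'Internet zone level : 0x{0:X}  High={1}  ({2})' -f $level.Value, $isHigh, $level.Path
}

if ($scripting -eq $null) {
    'Active Scripting    : not set in any checked key'
} else {
    $name = $scriptingNames[$scripting.Value]
    if ($name -eq $null) { $name = 'unknown value' }
    # Prompt (1) or Disable (3) both satisfy the "prompt before running" advice.
    $ok = ($scripting.Value -eq 1 -or $scripting.Value -eq 3)
    'Active Scripting    : {0} ({1})  Mitigated={2}  ({3})' -f $scripting.Value, $name, $ok, $scripting.Path
}
```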

Desire Athow

Managing Editor, TechRadar Pro
