Microsoft Fixes Critical 0–day Flaw in Internet Explorer 6, 7, and 8

Microsoft releases an out-of-band security update to address the remote code execution vulnerability affecting Internet Explorer versions 6, 7, and 8. The issue, as described in Security Advisory 2794220, allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message.

Microsoft had issued a temporary Fix-it in December 2012 to patch the remote code execution vulnerability that was found in the Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 browsers.

Today, as of January 14, the company is releasing a security update to mitigate the two-week-old zero-day vulnerability affecting the aforementioned Internet Explorer browsers.

"(W)e recommend that you install this update as soon as it is available. This update for Internet Explorer 6-8 will be made available through Windows Update and our other standard distribution channels," MSRC wrote in an Advanced Notification post.

Malicious JavaScript was found exploiting a recently found vulnerability in Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8, "while Internet Explorer 9 and Internet Explorer 10 are not affected."

"This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message."

"If you have automatic updates enabled on your PC, you won't need to take any action." Also, those who have already applied the Fix it released in Security Advisory 2794220 "won't need to uninstall it before applying the security update," MSRC adds.

The bulletin has a severity rating of Critical, and it addresses CVE-2012-4792.

Update 01/15: Video added about this update.