Zero-day affects most popular version of Internet Explorer

Generally, vendors like to keep security flaws under wraps. Once notified, they’ll work on a fix and patch it before it can make news. But it’s been seven long months since a flaw was discovered in Internet Explorer 8 – and many are wondering Microsoft will ever do anything about it. 

Last October, a security researcher found a bug in Internet Explorer 8, the most widely used web browser in the world. It’s used by 20.85% of users worldwide, according to ZDnet.

This particular vulnerability could allow hackers to execute code on a user’s system – similar to a flaw found in IE 9 and 10.

The flaw was reported to the Zero Day Initiative, which alerted Microsoft. But three straight Patch Tuesdays have come and gone with no fix. Microsoft alerted ZDNet that it was aware of the issue, but:

“We build and thoroughly test every security fix as quickly as possible. Some fixes are more complex than others, and we must test every one against a huge number of programs, applications and different configurations. We continue working to address this issue and will release a security update when ready in order to help protect customers. We encourage customers to upgrade to a modern operating system, such as Windows 7 or 8.1, and run the latest version of Internet Explorer which include further protections.”

And therein lies the rub. Internet Explorer 8 was most commonly used on Windows XP, which it was included on, but also runs on Windows 7 and Vista, which are supported still.

Make sure users are up-to-date

Obviously, operating systems aren’t the only area users need to be running updated versions. Even on a supported OS, vulnerable programs put users at risk.

Make sure your users get on the latest version of Internet Explorer or other secure browsers and keep them updated. And as always, stay on top of updates.