Microsoft IE Versions: Microsoft Offering Fix for Old Versions of IE

Page 1 of 2

Microsoft Corporation (MSFT)Microsoft IE Versions: Despite the fact that many people always take the time to update to the latest version of Internet Explorer, there are some who still rely on an old version. While this does not appear to be a big deal on the surface, Microsoft Corporation (NASDAQ:MSFT) knows that this is not always the case – especially when it comes to security.

Hackers can easily attack older versions of Internet Explorer, with vulnerabilities affecting versions six, seven, and eight.

On Saturday, December 29, 2012, Microsoft Corporation (NASDAQ:MSFT) issued a security advisory. It can be read in its entirety here.

Below is a brief synopsis:

Microsoft is investigating public reports of a vulnerability in Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8. Internet Explorer 9 and Internet Explorer 10 are not affected by the vulnerability. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8. Applying the Microsoft Fix it solution, “MSHTML Shim Workaround,” prevents the exploitation of this issue.

The advisory goes on to explain the vulnerability in greater detail:

The vulnerability is a remote code execution vulnerability that exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

The easiest way to avoid an issue is to stop using one of the affected versions, and instead rely on IE 9 or 10.

If you are looking for a quick fix, here is what you can do:

Page 1 of 2