Microsoft has yet to fix a known IE8 zero-day exploit after seven months

Internet Explorer 8 is still the world's most used web browser, according to Net Applications. Now there's word of a zero-day exploit that was found in IE8 seven months ago but so far it has yet to be addressed by Microsoft in any of its recent updates for the browser.

The security hole was revealed publicly this week by the Zero-Day Initiative. It says that the flaw will allow hackers  "to execute arbitrary code" in the browser if users surf to an infected website or open a file designed to take advantage of the exploit.

Microsoft was informed about the zero-day flaw in October 2013 but has yet to close the security hole. CNET got a statement from a Microsoft spokesperson who said there is no evidence of the flaw being used out in the wild. The spokesperson added:

We build and thoroughly test every security fix as quickly as possible. Some fixes are more complex than others, and we must test every one against a huge number of programs, applications and different configurations.

There's no word yet on when Microsoft will issue a patch to close the hole in IE8. Currently, Net Applications says that IE8 is being used by 21.14 percent of the world's web browser users.

Source: Zero-Day Initiative and CNET | Image via Microsoft

Report a problem with article
Previous Story

Powerstar Golf for Xbox One now free to download, but is it a mistake? [Update]

Next Story

Surface Pro 3: A four hour plane ride and a test of lapability

35 Comments - Add comment