Microsoft issues a Fix-it patch for zero day flaw found in Internet Explorer 6, 7, and 8

1 min. read

Published on December 31, 2012

published on December 31, 2012

Readers help support Windows Report. We may get a commission if you buy through our links.

A malicious JavaScript has been found exploiting a recent found vulnerability in Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8, while Internet Explorer 9 and Internet Explorer 10 are not affected. The zero day flaw came to light after the Council on Foreign Relations website was hacked and was hosting the code as early as December 21st.

The malicious JavaScript code exploits browsers that have the language setting of English (U.S.), Chinese (China) Chinese (Taiwan), Japanese, Korean, or Russian. Once a browser is found that meets one of these languages the JavaScript is loaded into a file called “today.swf” an Adobe Flash extension. Which then caused Internet Explorer to download a file called “xsainfo.jpg”. This flaw enables the user to get the same privileges as the currently running user on the machine.

Microsoft released a Security Advisory on Saturday December 31st, 2012. A temporary Microsoft Fix-it solution has been provided along with the Security Advisory to mitigate risk of being attacked by a infected website, while the company works on a full fledged update. Hit the download below to grab it.

Microsoft Fix it for Security Advisory 2794220

Radu Tyrsina

Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time). For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web. Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they're looking for.