Microsoft issues a Fix-it patch for zero day flaw found in Internet Explorer 6, 7, and 8


A malicious JavaScript has been found exploiting a recent found vulnerability in Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8, while Internet Explorer 9 and Internet Explorer 10 are not affected. The zero day flaw came to light after the Council on Foreign Relations website was hacked and was hosting the code as early as December 21st.

The malicious JavaScript code exploits browsers that have the language setting of English (U.S.), Chinese (China) Chinese (Taiwan), Japanese, Korean, or Russian. Once a browser is found that meets one of these languages the JavaScript is loaded into a file called “today.swf” an Adobe Flash extension. Which then caused Internet Explorer to download a file called “xsainfo.jpg”. This flaw enables the user to get the same privileges as the currently running user on the machine.

Microsoft released a Security Advisory on Saturday December 31st, 2012. A temporary Microsoft Fix-it solution has been provided along with the Security Advisory to mitigate risk of being attacked by a infected website, while the company works on a full fledged update. Hit the download below to grab it.