Microsoft has issued a temporary fix the recently uncovered Internet Explorer 8 vulnerability that was exploited in the US Department of Labor hack for serving malware.
The vulnerability affects only IE8 so users running Internet explorer versions 6, 7, 9 and 10 do not need to take any action.
Microsoft is working on fixing the issue. In the meantime, users are urged to apply the temporary fix to prevent from the attack.
To do this, visit this page "http://support.microsoft.com/kb/2847140" and click the Fix it button or link under the Enable heading.
If you are a pentester, the technical analysis and metasploit module can be found here:
https://community.rapid7.com/community/metasploit/blog/2013/05/05/department-of-labor-ie-0day-now-available-at-metasploit
The vulnerability affects only IE8 so users running Internet explorer versions 6, 7, 9 and 10 do not need to take any action.
Microsoft is working on fixing the issue. In the meantime, users are urged to apply the temporary fix to prevent from the attack.
To do this, visit this page "http://support.microsoft.com/kb/2847140" and click the Fix it button or link under the Enable heading.
If you are a pentester, the technical analysis and metasploit module can be found here:
https://community.rapid7.com/community/metasploit/blog/2013/05/05/department-of-labor-ie-0day-now-available-at-metasploit