Microsoft releases Fix it for critical IE8 0-day

Microsoft has released a one-click Fix it for mitigating the effect of the IE 8 zero-day vulnerability that is being used in watering hole attacks in the wild.

Given that a Metaspolit module exploiting the vulnerability has already been released, it’s just a matter of time until the exploit is integrated in a malicious exploit kit.

IE 8 users are advised to upgrade to IE 9 or 10, but those who are unable to do it for whatever reason would do well to download and install the Fix it. Applying it does not require a reboot.

Users who don’t know which version of the browser are using can check by opening Internet Explorer, pressing ALT+H, and then click “About Internet Explorer”.

Microsoft is working on a patch for the flaw, but is still unknown whether it will be included in this month’s Patch Tuesday.