Microsoft has released a one-click Fix it for mitigating the effect of the IE 8 zero-day vulnerability that is being used in watering hole attacks in the wild.
Given that a Metaspolit module exploiting the vulnerability has already been released, it’s just a matter of time until the exploit is integrated in a malicious exploit kit.
IE 8 users are advised to upgrade to IE 9 or 10, but those who are unable to do it for whatever reason would do well to download and install the Fix it. Applying it does not require a reboot.
Users who don’t know which version of the browser are using can check by opening Internet Explorer, pressing ALT+H, and then click “About Internet Explorer”.
Microsoft is working on a patch for the flaw, but is still unknown whether it will be included in this month’s Patch Tuesday.