Users running Internet Explorer 8 — an estimated 23 percent of all IE users — should update their systems with an out-of-band emergency patch to prevent a zero-day flaw.
Microsoft has released a fix that patches a critical zero-day vulnerability that was being actively exploited in the wild.
Multiple security firms warned that Internet Explorer 8 was used to launch "watering hole" attacks at government workers at the U.S. Department of Labor and the U.S. Department of Energy. In a security advisory issued on Friday, Microsoft said it was "investigating" the reports and that it was "aware of [the] attacks." It confirmed the flaw as a "remote code execution vulnerability" that allows hackers to inject malware into a webpage or a user's computer.
All Windows versions running IE8 were at risk, including Windows Server 2003, 2008 and R2 versions, though IE6, IE7, IE9 and IE10 were not.
Read more at source:
Microsoft releases emergency patch for critical IE8 zero-day exploit | ZDNet