It might be the last day of 2012, but there’s still time to issue yet another patch to fix a zero-day exploit in Microsoft Internet Explorer 6, 7 and 8. Confirmed on Saturday by Microsoft, this patch fixes a vulnerability in all versions of IE prior to v9 that may allow hackers to gain control over a victim’s machine. This latest weakness is likely to be exploited when a computer using one of the versions of the aforementioned browser visits a malicious website, allowing it to run code that can corrupt the memory on the victim’s computer and from there execute malicious code as the logged in user, potentially resulting in backdoor installations, malware infections, and zombification.
What this means for you:
It’s conceivable you are still running IE 8 which was released in 2011, so you may be affected by this weakness. If you are running IE7 or, impossibly, IE6 (it was released in 2001 – over 10 years ago!), I’d say you are better off upgrading to the latest version of IE you can reasonably run on your computer, and then making sure it is patched appropriately.