Security Bug in Internet Explorer 8 Still Roams After 7 Months

Paul Lilly

Will Microsoft ever bother to squash this security bug?

There's a zero-day security flaw in Internet Explorer that's been known for at least the last 7 months, but Microsoft has yet to release a patch. Perhaps it never will -- after all, IE8 is the last version of Microsoft's browser to support Windows XP, which itself is now an unsupported operating system. Alternatively, Microsoft might just be having a really tough time with this one -- the Redmond outfit doesn't have a whole lot to say on the matter.

According to the Zero Day Initiative, the vulnerability allows remote hackers to execute arbitrary code on vulnerable installations. The exploit requires user interaction, in that the target has to first visit a malicious website or open up a malicious file. In either case, it could spell bad news for the victim.

So, what's going on with Microsoft?

"We build and thoroughly test every security fix as quickly as possible. Some fixes are more complex than others, and we must test every one against a huge number of programs, applications, and different configurations," a Microsoft spokesperson told CNET.

Understood, though a recent zero-day bug discovered in multiple versions of IE shortly after support for XP ended was patched with an out-of-cycle update less than a week after its discovery.

