REDMOND – A critical security flaw in Microsoft’s Internet Explorer 8 has gone unfixed since October 2013, according to a new report from the Zero-Day Initiative.
The report, which was issued because of ZDI’s policy to reveal zero-day flaws that go unfixed for more than 180 days, says that the vulnerability allows an attacker to run malicious code in IE 8 when you visit a website designed to infect your computer, CNET News.Com reported.
Microsoft learned of the zero-day — the term given to a previously unknown, unpatched flaw — in October but has been unable to fix it. Whether that’s because IE 8 is the last version of the browser to support Windows XP, which Microsoft officially no longer supports, or because the flaw itself is hard to fix, Microsoft would not say.