Windows: IE8 zero-day (2847140)

SUMMARY: Windows: IE8 zero-day (2847140)
POSTED ON: 05/09/2013
REPORTER: Jocelyn E Kasamoto (jocelyn)
START TIME: May 09 04:21 PM
END TIME: May 23 04:21 PM
DESCRIPTION: Microsoft released Security Advisory 2847140 and reported a zero-day vulnerability in Internet Explorer (IE) 8 that could allow remote code execution. There are reports of known attacks targeting IE 8 on Windows XP. IE 8 on all platforms (XP, Vista and Windows 7) are affected. IE 6, IE 7, IE 9, and IE 10 are not affected.

The IE8 remote code vulnerability can allow hackers to inject malware into a webpage or a user's computer. Multiple security firms warned that IE8 was used to launch attacks at government workers at the U.S. Dept of Labor and U.S. Dept of Energy.

Please install the temporary Microsoft FixIt 50992 to enable the CVE-2013-1347 MSHTML Shim workaround, until Microsoft releases a security update for this vulnerability.

To install FixIt 50992, go to

To enable or disable this Fix it solution, click the Fix it button or link under the Enable heading or under the Disable heading, click Run in the File Download dialog box, and then follow the steps in the Fix it wizard.

A reboot is not required.

You must do this on the affected computer. For IT professionals, you may save the *.msi on a flash drive and install it on the affected computers.

If you need assistance or have questions, please contact the ITS Help Desk at 956-8883 or email

For More Information