It appears that the software king of the world Microsoft has had a gutsful of fixing ancient versions of its software because businesses cannot be bothered upgrading.
Microsoft has decided not to fix an IE 8 zero-day first identified seven months ago, instead telling users to upgrade their browsers and stop messing about.
The vulnerability meant that attackers could execute arbitrary code on computers running the older Internet Explorer version 8.
It was discovered through HP’s Zero Day Initiative vulnerability clearing house and Vole was told about it two weeks ago.
The vulnerability exists in Internet Explorer’s handling of CMarkup objects.
“This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file,” the disclosure read.
“An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.”
It is not as grim as it appears. Email apps open messages in the script-blocking ‘restricted sites zone’, so people are not likely to fall for it.
Redmond released work-arounds suggesting users harden IE 8 security by changing settings to block, or alert on, the use of ActiveX Controls and Active Scripting, and install its Enhanced Mitigation Experience Toolkit (EMET).
But, hell, anyone who finds it too difficult to upgrade a browser should really consider going back to a slide rule and a piece of paper.
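The settings work-around described above, as an added PowerShell example (not from the article or from Microsoft's advisory): it audits the per-user Internet and Local intranet zones and can set ActiveX and Active Scripting to prompt or disabled. The zone numbers (1, 3), the value names (1200, 1400) and the function names are not on the page; they follow the standard IE URL-action registry layout and are assumptions of this example.

```powershell
# Added example: audit, and optionally tighten, IE zone settings for the current user.
# Registry layout below is the standard IE URL-action store (assumption, not from the article).
$ZoneRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Zones    = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$Actions  = @{ '1200' = 'Run ActiveX controls and plug-ins'; '1400' = 'Active scripting' }
$Meaning  = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

function Get-IEZoneHardening {
    # Emits one row per zone/action pair with the current policy value.
    foreach ($zone in ($Zones.Keys | Sort-Object)) {
        $key = Join-Path $ZoneRoot $zone
        foreach ($action in ($Actions.Keys | Sort-Object)) {
            $prop  = Get-ItemProperty -Path $key -Name $action -ErrorAction SilentlyContinue
            $value = if ($prop) { [int]$prop.$action } else { $null }
            $state = if ($null -eq $value) { 'Not set (zone default)' }
                     elseif ($Meaning.ContainsKey($value)) { $Meaning[$value] }
                     else { "Other ($value)" }
            New-Object PSObject -Property @{
                Zone     = $Zones[$zone]
                Setting  = $Actions[$action]
                State    = $state
                Hardened = ((1, 3) -contains $value)   # prompt or disabled
            }
        }
    }
}

function Set-IEZoneHardening {
    # Policy 1 = prompt before running, 3 = disable outright.
    param([ValidateSet(1, 3)][int]$Policy = 3)
    foreach ($zone in $Zones.Keys) {
        $key = Join-Path $ZoneRoot $zone
        foreach ($action in $Actions.Keys) {
            Set-ItemProperty -Path $key -Name $action -Value $Policy -Type DWord
        }
    }
}

# Report first; apply only after reviewing which rows are not hardened.
Get-IEZoneHardening | Format-Table Zone, Setting, State, Hardened -AutoSize
# Set-IEZoneHardening -Policy 1
```

Zone settings pushed by Group Policy take precedence over these per-user values, so on managed machines the audit should be read alongside the applied policy.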