Microsoft yesterday released a temporary fix for the IE8 0day vulnerability, a tool called "cve-2013-1347 MSHTML Shim Workaround", which users can download on the Microsoft Web site.
Microsoft confirmed in Friday that a 0day vulnerability in IE8 could lead to remote code execution. IE8 users in XP, Vista and Win7 are likely to be attacked, and Microsoft advises Vista and Win7 users to upgrade their browsers to IE9 or IE10 for reuse.
Temporary fix Patches
The U.S. Department of Labor and the U.S. Department of Energy have been hit by the watering hole attack, and 9 sites have been attacked for this vulnerability, including non-profit organizations.
The vulnerability currently only affects IE8, while IE6, IE7, IE9, and IE10 are safe. Now that Microsoft has released a temporary repair tool, it is best for the affected users to download the fixes as soon as possible. The final fix may need to wait until Microsoft's next "Tuesday Patch".
In fact, the most effective way to circumvent this vulnerability is to upgrade to a later version of IE Browser, as for XP users to quietly use the repair tool.