IE 8 security bulletin MS13-038 fixes a flaw used by hackers to control the Web page of the U.S. Department of Labour earlier this month
Microsoft Inc. is advising users of its Internet Explorer 8 to immediately apply a critical patch which it released Tuesday along with nine other fixes for the browser.
Microsoft last week issued a temporary fix for that vulnerability.
Users of Windows Serer 2012 were also advised by Microsoft to install MS 13-039. It is meant to fix a flaw in the Microsoft Web IIS (Internet Information Services) that could be used in a Denial of Service Attack (DoS) with the use of an HTTP (hypertext transfer protocol) jacket.
The vulnerability makes it easy launch such a DoS attack and that the method could be used by hackers as early as next week, according to some security experts.
DoS attacks are considered second or third tier risks but they could be very disruptive to an organization, said Ross Barrett, senior manager of security engineering at security firm Rapid7. He said many remote services and Active Directory integrators rely on http systems.
Another security bulletin MS 13-037 released on Patch Tuesday, deals with 11 issues that make it easy to inject malicious code into Internet Explorer from specially crafted Web pages that allow attackers to control the PC of visitors.
The remaining patches were not critical. They address bugs in Microsoft Lync, MS Publisher, Word, Visio, Windows Essential, .Net and the Windows kernel