The vulnerability was used by attackers last week against the U.S. Department of Labor Microsoft has released a temporary fix for a zero-day vulnerability in Internet Explorer 8, which was used by hackers in a prominent attack against the U.S. Department of Labor’s website.The problem is particularly dangerous since it can allow an attacker to install malware merely by visiting a tampered web page. Microsoft is still working on a patch, wrote Dustin Childs, group manager for the company’s Trustworthy Computing division.“Customers should apply the Fix it or follow the workarounds listed in the advisory to help protect against the known attacks,” Childs said in a statement.The vulnerability is described as a problem in the way IE “accesses an object in memory that has been deleted or has not been properly allocated.” IE versions 6, 7, 9 and 10 are not affected. Microsoft calls the fix “CVE-2013-1347 MSHTML Shim Workaround.” The company normally issues updates for its products on the second Tuesday of the month, but will issue an out-of-schedule patch if the problem is deemed serious enough.Security vendors Invincea and AlienVault found that hackers planted attack code within a U.S. Labor Department web page with information on toxic substances at U.S. Department of Energy facilities. The code redirected people to another infected page within the site, which then attempted to exploit the IE 8 vulnerability. AlienVault said the hacking campaign appeared similar to a known China-based one called “DeepPanda,” which installed remote-access trojans (RATs).A large Fortune 500 company was attacked in December 2011 by DeepPanda, AlienVault said.Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk Related content news Gitlab fixes bug that exploited internal policies to trigger hostile pipelines It was possible for an attacker to run pipelines as an arbitrary user via scheduled security scan policies. By Shweta Sharma Sep 21, 2023 3 mins Vulnerabilities Security feature Key findings from the CISA 2022 Top Routinely Exploited Vulnerabilities report CISA’s recommendations for vendors, developers, and end-users promote a more secure software ecosystem. By Chris Hughes Sep 21, 2023 8 mins Zero Trust Threat and Vulnerability Management Security Practices news Insider risks are getting increasingly costly The cost of cybersecurity threats caused by organization insiders rose over the course of 2023, according to a new report from the Ponemon Institute and DTEX Systems. By Jon Gold Sep 20, 2023 3 mins Budget Data and Information Security news US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks Cyber insurance claims frequency increased by 12% in the first half of 2023 while claims severity increased by 42% with an average loss amount of more than $115,000. By Michael Hill Sep 20, 2023 3 mins Insurance Industry Risk Management Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe