Stefan Mileschin

Microsoft wants people to upgrade to IE10 but is having a job because IE8 is still fairly popular.

It has become a suitable tool for those who did not like the changes Vole made during the Windows 8 era.

However, now Microsoft has found a rather good weapon to motivate its slacker customers - a rather nasty security flaw, which it won't patch until its next round of monthly updates.

The zero-day vulnerability is serious enough that continuing to use the browser isn't advisable from a security standpoint.

The vulnerability has been used to launch attacks aimed at US government workers including the Department of Labour and the Department of Energy.

A website's code script points visitors to a malicious server, which in turn serves up the Poison Ivy Trojan.

NextGov reported that a specific site that was hacked dealt with "nuclear-related illnesses" linked to Department of Energy facilities of employees who may have fallen ill developing or disarming nuclear weapons.

Poison Ivy is linked to "DeepPanda" hackers, which are thought to be based in mainland China.

Microsoft points out that it has offered two new web browsers for free to all of its Windows customers since Internet Explorer, and can't reasonably be expected to continue tech support for the discontinued version indefinitely.

While some IE8 users are using older hardware which can't properly support a newer and more resource-hungry browser, government based outfits should have upgraded a long time ago or moved to Mozilla's Firefox and Google's Chrome.

The Vole seems to think that by telling the world about a crucial security hole well ahead of closing it up, it will give users the final push to do something about it.

http://news.techeye.net/security/nas...spotted-in-ie8