Microsoft has passed on fixing a flaw in Internet Explorer 8. The company was informed of said remotely exploitable vulnerability back in October 2013 by Belgian researcher Peter 'corelanc0d3r' Van Eeckhoutte. That's a full seven months after a bug has been found in the software, which can be exploited if a consumer opens up a link to a malicious web page or by opening a pesky infected email.
The tech giant confirmed the vulnerability back in February, after the bug was disclosed by the Zero-Day Initiative (ZDI), but has failed to include a fix in any of the patches we've seen rolled out since.
Microsoft has informed CNET that it had not seen the bug actively exploited and thus has not released a fix. Simply put, no one has yet used the flaw to attack anyone. The company recently released a patch for IE and updated Windows XP even after announcing the end of support for the dated operating system.
It has been recommended that people using IE 8 set Internet security zone settings to "high" to block ActiveX Controls and Active Scripting. Users can also configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone or install the Enhanced Mitigation Experience Toolkit (EMET).
That all said, you could simply upgrade to Windows 8 and enjoy Internet Explorer 11.