Microsoft issues emergency fix for Internet Explorer zero-day

Details are sparse about a security hole that Microsoft said is being exploited in targeted attacks

Microsoft rolled out an emergency security update on Wednesday to patch a zero-day vulnerability in its Internet Explorer (IE) web browser that malicious actors are exploiting in the wild to hack into Windows computers.

The security hole – classified as a remote-code execution vulnerability and tracked as CVE-2018-8653 – resides in IE’s scripting engine, specifically in how the engine handles objects in memory. If exploited, the flaw gives the attacker the same privileges as those of the current user.

“If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” reads Microsoft’s advisory.

Cyber-criminals could exploit the memory-corruption vulnerability and infiltrate Windows machines, for example, by luring IE users to visit a malicious website.

The out-of-band update to plug the hole in IE9, IE10 and IE11 was made available for Windows 7, 8.1 and 10 systems, as well as Windows Server 2008, 2012, 2016, and 2019. Users are strongly advised to apply the latest updates as soon as possible.

“Customers who have Windows Update enabled and have applied the latest security updates, are protected automatically. We encourage customers to turn on automatic updates,” wrote Microsoft, which credited Google’s Threat Analysis Group with reporting the vulnerability.

Microsoft’s supporting documentation also provides guidance for Windows users and/or administrators who want to address the flaw via workarounds in case they’re unable to apply the fix immediately.
