Microsoft has urgently released an update that solves a critical vulnerability in Internet Explorer. The vulnerability was actively exploited by attackers, so sealing the leak was crucial. The company did not disclose the type of attacks in which the bug was used.
It is a memory-corruption flaw that allows attackers to execute code from a distance. To do this, hackers only need to use Internet Explorer to visit an infected site. The vulnerability that is exploited for this purpose has to do with the way Microsoft’s scripting engine handles the objects in the browser’s memory.
Microsoft reports that the vulnerability is indexed as CVE-2018-8653. In a separate advisory report, the company writes that it has been used in targeted attacks, although it does not go into that further. Clement Lecigne, from the Google Threat Analysis Group, discovered the vulnerability. Remarkably few details are known about the vulnerability.
We do know, however, that an attacker who successfully exploits the vulnerability is able to obtain the same user rights as the current user of a device. That means that if the current user has admin rights, so does the hacker. After that it is possible for a malicious person to install programs, but also to change and delete data and to create new accounts.
According to Microsoft, customers who have enabled Windows Update and installed the latest security updates are automatically protected. Microsoft states that it is not aware of workarounds around the solutions. In any case, Windows users should make sure that they update their computer as soon as possible. This also applies to people who do not use Internet Explorer.This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.