Microsoft rolls out emergency patch for Internet Explorer zero-day flaw
- The IE zero-day flaw could grant full access to victims’ computers.
- Internet Explorer 9, 10, 11 affected.
- The zero-day flaw was discovered by Google’s Threat Analysis Group.
The Internet Explorer zero-day flaw allowed attackers to take control of victims’ computers by executing code remotely when users visit malicious websites. It was identified by Clément Lecigne who is a part of Google’s Threat Analysis Group – the same group had earlier identified and reported an advanced Chinese iPhone malware campaign.
Attacker could gain full control
Explaining the flaw, Microsoft noted that attackers could end up gaining administrator rights if the affected user is an administrator. The attacker could install new programs, add, modify or delete data, or even create new user accounts with full rights.
“A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could run arbitrary code in the context of the current user. The security update addresses the vulnerability by changing how the scripting engine handles objects in memory,” the CVE page revealed.
Although Microsoft has been advising Windows users to switch Edge, Internet Explorer is still used by a sizable number of users. According to the latest report by StatCounter, Internet Explorer has a 4.4% market share globally, just a shade lower than Edge’s 4.71% share.
Windows Defender also gets a security fix
Apart from the fix for Internet Explorer, Microsoft has also issued a patch for Windows Defender Denial of Service vulnerability. Initially reported by Charalampos Billinis from F-Secure Countercept and Wenxu Wu from Tencent Security Xuanwu Lab, this vulnerability is not as serious as the Internet Explorer zero-day. Microsoft says that this vulnerability does not seem to have been exploited as of now.
Popular on BI
- Shimla stipulated 75 ponds Amrit Sarovar for water conservation to mark Azadi Ka Amrit Mahotsav
- Mumbai breathes its cleanest air ever for the second time this monsoon
- Reliance Jio, Voda step up hiring as 5G related job postings up 65%
- Rupee gains 22 paise against the dollar as crude prices ease, FPIs come back
- Cabinet clears proposal to raise ECLGS corpus to Rs 5 lakh cr for tourism and hospitality sector