Microsoft rolls out emergency patch for Internet Explorer zero-day flaw

  • The IE zero-day flaw could grant full access to victims’ computers.
  • Internet Explorer 9, 10, 11 affected.
  • The zero-day flaw was discovered by Google’s Threat Analysis Group.
Windows maker Microsoft has rolled out an emergency patch for Internet Explorer to fix a critical zero-day vulnerability. The flaw allows attackers to execute code remotely and affects Internet Explorer 9, 10 and 11.

The Internet Explorer zero-day flaw allowed attackers to take control of victims’ computers by executing code remotely when users visited malicious websites. It was identified by Clément Lecigne, who is part of Google’s Threat Analysis Group – the same group had earlier identified and reported an advanced Chinese iPhone malware campaign.

Attacker could gain full control

Explaining the flaw, Microsoft noted that attackers could end up gaining administrator rights if the affected user is an administrator. The attacker could install new programs, add, modify or delete data, or even create new user accounts with full rights.

“A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could run arbitrary code in the context of the current user. The security update addresses the vulnerability by changing how the scripting engine handles objects in memory,” the CVE page revealed.

Although Microsoft has been advising Windows users to switch to Edge, Internet Explorer is still used by a sizable number of users. According to the latest report by StatCounter, Internet Explorer has a 4.4% market share globally, just a shade lower than Edge’s 4.71% share.

Windows Defender also gets a security fix

Apart from the fix for Internet Explorer, Microsoft has also issued a patch for a Windows Defender denial-of-service vulnerability. Initially reported by Charalampos Billinis from F-Secure Countercept and Wenxu Wu from Tencent Security Xuanwu Lab, this vulnerability is not as serious as the Internet Explorer zero-day. Microsoft says that this vulnerability does not seem to have been exploited as of now.


