Microsoft rolls out emergency patch for Internet Explorer zero-day flaw

Advertisement
Microsoft rolls out emergency patch for Internet Explorer zero-day flaw

Advertisement
  • The IE zero-day flaw could grant full access to victims’ computers.
  • Internet Explorer 9, 10, 11 affected.
  • The zero-day flaw was discovered by Google’s Threat Analysis Group.
Windows maker Microsoft has rolled out an emergency patch for Internet Explorer to fix a critical zero-day vulnerability. The zero-day flaw allowed attackers to execute code remotely and affects Internet Explorer 9, 10 and 11.

The Internet Explorer zero-day flaw allowed attackers to take control of victims’ computers by executing code remotely when users visit malicious websites. It was identified by Clément Lecigne who is a part of Google’s Threat Analysis Group – the same group had earlier identified and reported an advanced Chinese iPhone malware campaign.

Attacker could gain full control

Complimentary Tech Event
Discover the future of SaaS in India
The 6-part video series will capture the vision of Indian SaaS leaders and highlight the potential for the sector in the decades to come.25th Aug, 2022 Starts at 04:00 PM (40 mins)Register Now
Our Speakers
Dan Sheeran
Sandeep Gupta
Explaining the flaw, Microsoft noted that attackers could end up gaining administrator rights if the affected user is an administrator. The attacker could install new programs, add, modify or delete data, or even create new user accounts with full rights.

“A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could run arbitrary code in the context of the current user. The security update addresses the vulnerability by changing how the scripting engine handles objects in memory,” the CVE page revealed.

Advertisement

Although Microsoft has been advising Windows users to switch Edge, Internet Explorer is still used by a sizable number of users. According to the latest report by StatCounter, Internet Explorer has a 4.4% market share globally, just a shade lower than Edge’s 4.71% share.

Windows Defender also gets a security fix

Apart from the fix for Internet Explorer, Microsoft has also issued a patch for Windows Defender Denial of Service vulnerability. Initially reported by Charalampos Billinis from F-Secure Countercept and Wenxu Wu from Tencent Security Xuanwu Lab, this vulnerability is not as serious as the Internet Explorer zero-day. Microsoft says that this vulnerability does not seem to have been exploited as of now.



{{}}