UPDATED 22:22 EST / DECEMBER 19 2018

SECURITY

Microsoft issues urgent security update for Internet Explorer

Microsoft Corp. today issued a rare standalone security update for Internet Explorer after the discovery of an actively exploited vulnerability.

Discovered by Google LLC’s Threat Analysis Group, it’s described as a vulnerability in the way in which the Internet Explorer scripting engine handles objects in memory.

“The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user,” Microsoft explained in a so-called “out-of-band” security advisory. “An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.”

The company added that if the current user is logged on with administrative user rights, “an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

The vulnerability can be triggered in a variety of ways, including via a specially crafted web page that a user visits according to the Cisco Talos Intelligence Group.

Satnam Narang, senior research engineer at Tenable Inc., told SiliconANGLE that the vulnerability is being actively exploited. “While details are not currently available, in most cases, attackers exploit similar vulnerabilities by sending convincing emails to their intended targets with a link to a specially crafted website containing the exploit code,” Narang explained.

The vulnerability affects Internet Explorer 11 from Windows 7 to Windows 10 as well as Windows Server 2012, 2016 and 2019. Internet Explorer 9 is affected on Windows Server 2008, while Internet Explorer 10 is affected on Windows Server 2012. A patch has been pushed out to users of Windows 7, 8.1 and 10 as well as Windows Server 2008, 2012, 2016 and 2019.

“As the flaw is being actively exploited in the wild, users are urged to update their systems as soon as possible to reduce the risk of compromise,” Narang added.

Image: Maxpixel

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU