Microsoft Internet Explorer gets emergency update for 0-day

Posted on Tuesday, Sep 24 2019 @ 10:57 CEST by Thomas De Maesschalck
MSFT logo
Microsoft published an out-of-band emergency update for Internet Explorer. The patch fixes an unspecified security vulnerability that's actively exploited by cybercriminals.

The exploit makes it possible to execute arbitrary code by luring a visitor to a specially crafted web page. Microsoft's Internet Explorer 9, 10, and 11 are affected, the Edge browser is safe.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user... An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The advisory said the vulnerability is being actively exploited in the wild, but it didn’t elaborate on the attacks. The vulnerability affects IE versions 9, 10, and 11. IE has fallen out of favor since the release of the Edge, which researchers widely agree is more resistant to hacking attacks. IE users who can switch to the latest version of Edge should do so. IE users who are unable to change browsers should install Monday’s out-of-band update immediately.
At the same time, the patch also fixes an unrelated denial-of-service vulnerability in Windows Defender. This bug is not as easy to exploit and can only be used to generate false positives, which could prevent the running of legitimate system binaries. Via: ARS Technica


About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



Loading Comments