Microsoft rushes out patch for Internet Explorer zero‑day

There is no word on which threat actor is abusing the severe vulnerability for attacks



Microsoft is urging Windows users to install an emergency security patch to address a critical vulnerability that affects multiple versions of Internet Explorer (IE) and is under active exploitation by unspecified bad actors.


The company’s advisory notes that the zero-day, listed as CVE-2019-1367, is a remote code execution vulnerability that has to do with how the browser’s scripting engine handles objects in memory. It affects IE versions 9, 10 and 11.


If exploited, the security hole could allow remote attackers to run malicious code on the affected system, giving them the same privileges as those of the current user. If the user is logged in with admin rights, the attackers could take complete control of the system to install malware, steal or tamper with data, and set up accounts with full user rights.


“In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email,” said Microsoft. The bug has also prompted a warning from the United States’ Cybersecurity and Infrastructure Security Agency (CISA).


IE users are advised to install the updates post-haste. To do so, some user action is needed, such as by following the links to t ..
