Microsoft releases emergency patch for Internet Explorer2018-12-20 12:13 by Daniela
Tags: Microsoft, Internet Explorer
Microsoft has released security update for Internet Explorer after Google informed the company of an exploit being used in targeted attacks. The vulnerability (ID CVE-2018-8653) affects Internet Explorer 11 from Windows 7 to Windows 10 as well as Windows Server 2012, 2016 and 2019; IE 9 on Windows Server 2008; and IE 10 on Windows Server 2012.
According to Microsoft, attackers are already exploiting the vulnerability, making it a classic "zero-day" bug. Apparently, they simply have to get users to visit websites engineered to exploit it - by sending them links via email, for instance - in order to hijack their computers. Once attackers gain control of their system, they can install programs, view or even change data, as well as create new accounts with full user rights.
"An attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email," a Microsoft security advisory said. "If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability ... could then install programs; view, change, or delete data; or create new accounts with full user rights."
Microsoft said that customers who have Windows Update enabled and have applied the latest security updates are automatically protected against exploits.
Read more -here-