Microsoft confirms major security flaw in Internet Explorer, fix expected early next month
Microsoft said it is aware of the security flaw in its Internet Explorer browser. The update, however, could come as late as February 11.
Microsoft has confirmed a zero-day exploit in its Internet Explorer browser that is being used by hackers to conduct "targeted attacks". The company said it was working on a fix that is expected to be released as a part of its monthly security patch next month.
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user," said Microsoft on its website.
"If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," it added.
VU#338824: Microsoft Internet Explorer Scripting Engine memory corruption vulnerability https://t.co/VAnKfBDdLU (US-CERT, @USCERT_gov, January 18, 2020)
Microsoft said a hacker could host a "specially crafted website" to exploit the flaw through Internet Explorer and convince a user to open the website through means like sending an email.
Microsoft said it releases security updates on Update Tuesday, the second Tuesday of each month. In this case, the update could come on February 11.
Earlier, US-CERT (United States Computer Emergency Readiness Team) reported the vulnerability in Internet Explorer, which it said was "detected in exploits in the wild." The vulnerability is said to be quite similar to one in Mozilla's Firefox browser, a loophole that hackers exploited to conduct "targeted attacks".
Microsoft added that all versions of Windows were impacted by the vulnerability. This includes Windows 7, for which the company ended support earlier this week, a TechCrunch report noted. The vulnerability was also found in Internet Explorer versions 9, 10 and 11.
The latest report comes shortly after Microsoft released an update to fix a critical security flaw in its Windows operating system after a tip-off from the US National Security Agency. The flaw could have allowed attackers to access users' private information and even conduct surveillance.