Friday, November 1, 2024
HomeComputer SecurityMicrosoft Released Security Updates for Internet Explorer zero-day

Microsoft Released Security Updates for Internet Explorer zero-day

Published on

Malware protection

Microsoft released security updates for remote code exection vulnerability that exists with Internet explorer, which allows an attacker to execute an arbitary code in the context of the current user.

The vulnerability is tracked as CVE-2018-8653. It was identified by Google’s Threat Analysis Group and the vulnerability is currently being exploited in wild.

Microsoft  recently released Security Updates & Fixed 39 Vulnerabilities Including Active Zero-day

- Advertisement - SIEM as a Service

The bug can be exploited if the user visited a specially crafted webpage that was designed to exploit the vulnerability through Internet Explorer browser.

An attacker who has successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged in with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

If the attacker takes control over the system, they can utilize it to download additional malware and execute the malware with user access.

The vulnerability could corrupt the memory, which allows an attacker to run the an arbitary code remotely. Now Microsoft fixed the Zero-day by modifying the script engine that handles the object.

To fix the vulnerability, Microsoft released a Cumulative security update for Internet Explorer KB4470199 allowing the users to confirm the update by verifying the version of jscript.dll is 5.8.9600.19230.

This update is applicable to Internet Explorer 11 on Windows 10, Internet Explorer 11 on Windows 8.1 Update, Internet Explorer 11 on Windows 7 SP1, Internet Explorer 10 on Windows Server 2012, Internet Explorer 9 – Windows Embedded Standard 2009 & Windows Embedded POSReady 2009..

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

New AI Tool To Discover 0-Days At Large Scale With A Click Of A Button

Vulnhuntr, a static code analyzer using large language models (LLMs), discovered over a dozen...

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw,...