Microsoft Released Security Updates for Internet Explorer zero-day

Microsoft released security updates for remote code exection vulnerability that exists with Internet explorer, which allows an attacker to execute an arbitary code in the context of the current user.

The vulnerability is tracked as CVE-2018-8653. It was identified by Google’s Threat Analysis Group and the vulnerability is currently being exploited in wild.

Microsoft  recently released Security Updates & Fixed 39 Vulnerabilities Including Active Zero-day

The bug can be exploited if the user visited a specially crafted webpage that was designed to exploit the vulnerability through Internet Explorer browser.

An attacker who has successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged in with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

If the attacker takes control over the system, they can utilize it to download additional malware and execute the malware with user access.

The vulnerability could corrupt the memory, which allows an attacker to run the an arbitary code remotely. Now Microsoft fixed the Zero-day by modifying the script engine that handles the object.

To fix the vulnerability, Microsoft released a Cumulative security update for Internet Explorer KB4470199 allowing the users to confirm the update by verifying the version of jscript.dll is 5.8.9600.19230.

This update is applicable to Internet Explorer 11 on Windows 10, Internet Explorer 11 on Windows 8.1 Update, Internet Explorer 11 on Windows 7 SP1, Internet Explorer 10 on Windows Server 2012, Internet Explorer 9 – Windows Embedded Standard 2009 & Windows Embedded POSReady 2009..

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Multiple Flaws With Android & Google Pixel Devices Let Attackers Elevate Privileges

Several high-severity vulnerabilities have been identified in Android and Google Pixel devices, exposing millions of…

12 minutes ago

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…

16 hours ago

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ advanced…

16 hours ago

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute…

19 hours ago

Meta Removed 2 Million Account Linked to Malicious Activities

 Meta has announced the removal of over 2 million accounts connected to malicious activities, including…

22 hours ago

Veritas Enterprise Vault Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely

Critical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content…

23 hours ago