Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Google Engineer Finds Zero-Day Flaw in Microsoft Browser
#1
https://news.softpedia.com/news/google-e...pd_related     Google Engineer Finds Zero-Day Flaw in Microsoft Browser
Quote:Vulnerability fixed in the latest update release        Dec 20, 2018 06:24 GMT  ·  By Bogdan Popa               
Internet Explorer on Windows 10 version 1809

A Google engineer has discovered a zero-day flaw in Internet Explorer that would allow an attacker to take full control of an unpatched system.

Detailed in CVE-2018-8653, the scripting engine memory corruption vulnerability affects Internet Explorer on all supported versions of Windows, from Windows 7 to Windows 10 (version 1809 included).

The bug was discovered and reported to Microsoft by Clement Lecigne of Google’s Threat Analysis Group. While it wasn’t publicly disclosed, the vulnerability is already being exploited, according to Microsoft.

In order to compromise a vulnerable system, an attacker needs to point users to a malicious website specifically created to exploit the flaw. As a result, users are recommended to stay away from untrusted web links until they patch their devices.

Microsoft Edge fully secure
“A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user,” Microsoft explains.

“If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Microsoft has already resolved the security flaw with the latest Windows 10 cumulative updates, and security patches have also been released for Windows 7 and Windows 8.1. They are available right now from Windows Update as KB4483187 for both systems.

Internet Explorer is no longer Microsoft’s number one browser, but it continues to receive security updates. Microsoft Edge is not affected by the vulnerability.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Hackers exploit Microsoft MSHTML bug to steal Google, Instagram creds mrtrout 0 1,195 11-25-2021 , 02:58 PM
Last Post: mrtrout
  Microsoft and Google release urgent browser security update for Risk Level 4 Drive-b mrtrout 0 908 08-23-2021 , 09:13 AM
Last Post: mrtrout
  Microsoft: Office 365 is blocking emails from Google, LinkedIn domains tarekma7 0 1,005 05-22-2021 , 04:18 PM
Last Post: tarekma7
  Mozilla Fixes Firefox Flaw That Allowed Spoofing of HTTPS Browser Padlock Mohammad.Poorya 0 1,209 04-21-2021 , 07:08 PM
Last Post: Mohammad.Poorya
  FireEye finds new malware likely linked to SolarWinds hackers Bjyda 0 1,536 03-04-2021 , 07:15 PM
Last Post: Bjyda



Users browsing this thread: 2 Guest(s)