Microsoft’s Internet Explorer has been a victim of various security exploits in the past, and a memory corruption flaw has recently been spotted in multiple versions of the browser that is being exploited by hackers. Microsoft confirmed the security flaw, stating that it is working on a fix for the vulnerability.
The latest Internet Explorer bug is known to affect versions 9, 10 and 11 of the browser on Windows 7, 8.x and 10, as well as Windows Server 2008 and 2012. Microsoft detailed the bug in a security alert released last week. As per the alert, the flaw is a remote code execution vulnerability tracked as CVE-2020-0674 that could corrupt memory in such a way that an attacker can execute arbitrary code in the context of the current user. In a nutshell, an attacker who successfully exploits the vulnerability would gain the same user rights as the current user. So, if the current user is logged on with administrative user rights, an attacker who exploits the vulnerability can take control of an affected system. This attacker can also install unwanted programs, change or delete data, and set up new accounts with full user rights.
In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability via Internet Explorer. The hacker could then convince a user to view the website by sending an email. US-CERT, the division of Homeland Security that reports on major security flaws, tweeted a link to the security advisory containing all the details around the bug. It described the bug as one that’s being “exploited” in the wild, as reported by TechCrunch.
As for addressing the vulnerability, Microsoft added that it is aware of the issue and is working on a fix. “Our standard policy is to release security updates on Update Tuesday, the second Tuesday of each month. This predictable schedule allows for partner quality assurance and IT planning, which helps maintain the Windows ecosystem as a reliable, secure choice for our customers,” Microsoft said in the security alert.