Microsoft issues emergency update to fix critical IE flaw under active exploit

Microsoft issues emergency update to fix critical IE flaw under active exploit

Microsoft has issued an emergency replace that fixes a vital Web Explorer vulnerability that attackers are actively exploiting on the Web.

The memory-corruption flaw permits attackers to remotely execute malicious code when computer systems use IE to go to a booby-trapped web site, Microsoft mentioned Wednesday. Listed as CVE-2018-8653, the flaw impacts all supported variations of Home windows. The vulnerability entails the best way Microsoft’s scripting engine handles objects in reminiscence in Web Explorer.

In a separate advisory, Microsoft mentioned the vulnerability is being utilized in focused assaults, however the firm did not elaborate. Microsoft credited Clement Lecigne of Google’s Menace Evaluation Group with discovering the vulnerability. No different particulars had been accessible in regards to the vulnerability or exploits on the time this submit was being reported.

Microsoft mentioned that prospects who’ve Home windows Replace enabled and have utilized the most recent safety updates are robotically protected towards exploits. Microsoft mentioned it is aware of of no workarounds of mitigations. Home windows customers ought to guarantee their pc installs the replace as quickly as attainable, even when they do not usually use IE to browse websites.

https://arstechnica.com/?p=1431145

SHARE
Staff Writer
The above article is by a guest contributor, or shared from another news outlet.