Microsoft today released an emergency software patch to plug a critical security hole in its Internet Explorer (IE) Web browser that attackers are already using to hack windows computers.
The software giant said it learned about weakness (CVE-2018-8653) after receiving a report from the Google about a new vulnerability being used in targeted attacks.
Satnam Narangsenior research engineer Sustainable, said the vulnerability affects the following IE installations: Internet Explorer 11 from Windows 7 to Windows 10 as well as Windows Server 2012, 2016 and 2019; IE 9 on Windows Server 2008; and IE 10 on Windows Server 2012.
"Because the crash is being actively exploited in the wild, users are encouraged to upgrade their systems as quickly as possible to reduce the risk of compromise," Narang said.
According to a somewhat patchy statement about the patch, malware or intruders can use the flaw to hack into Windows computers simply by having a user visit a hacked or trapped site. An attacker can then install programs; view, change, or delete data; or create new accounts with full user rights.
Microsoft says that users who have Windows Update enabled and have applied the latest security updates are automatically protected. Windows 10 users can manually check for updates in this way; instructions on how to do this for earlier versions of Windows are here.
Tags: CVE-2018-8653, google, zero day Microsoft IE, Satnam Narang, Tenable
This entry was posted on Wednesday, December 19th, 2018 at 4:01 am and is filed under Time to Repair.
You can follow any comments for this entry through the RSS 2.0 feed.
You can skip to the end and leave a comment. Pinging is currently not allowed.