Lucene search

threatpostTom SpringTHREATPOST:6D2D80453D0F81ED6BC5BFC9B8F3EDCA
HistoryDec 20, 2018 - 2:30 p.m.

Microsoft IE Zero Day Gets Emergency Patch

Tom Spring

0.051 Low




Microsoft patched a zero-day vulnerability in its Internet Explorer browser that is actively being exploited by attackers. The bug, reported by Google, is a remote code execution vulnerability that allowed attackers to infiltrate vulnerable systems via a booby trapped website that could have injected malicious code into the Internet Explorer browser.

“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft wrote in an advisory posted Wednesday. “In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.”

The vulnerability (CVE-2018-8653) has been exploited in the wild, according to Satnam Narang, senior research engineer at Tenable. He said the bug allows an attacker to assume the privileges of the current Windows user and execute arbitrary code on the targeted system.

“If the current user has administrative rights on a system, an attacker can take control of the victim’s system to implant malware, modify data and add additional user accounts,” Narang wrote in an email.

Microsoft is urging customers to ensure that their Windows systems receive the Windows Update. Windows 10 users can also check for updates manually. Users of earlier versions of Windows can also check for updates here.

Since the vulnerability is actively being exploited in the wild, neither Microsoft or Google’s Threat Analysis Group has disclosed technical details tied to the IE zero-day vulnerability.

According to Microsoft, the remote code execution vulnerability exists because of the way affected versions of the IE browser’s scripting engine handles objects in memory. “The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user,” it said.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory, according to Microsoft.