Friday , December 3 2021

Microsoft Issues Emergency Fix for IE Zero Day – Krebs on Security


Microsoft has today released an emergency software software to connect a critical security hole in its Internet Explorer (IE) browser that attackers are already using to break in Windows computers.

The software giant said it was about weakness (CVE-2018-8653) after receiving a report from Google about a new vulnerability used in targeted attacks.

Satnam Narang, Senior Research Engineer at sustainable, said vulnerability affects the following installations of IE: Internet Explorer 11 from Windows 7 to Windows 10 and Windows Server 2012, 2016 and 2019; IE 9 on Windows Server 2008; and IE 10 on Windows Server 2012.

"As the bug is actively exploited in nature, users are encouraged to update their systems as soon as possible to reduce the risk of compromises," said Narang.

According to a little sparing advice on the patch, malicious software or attackers can use the error to break into Windows computers simply by getting a user to visit a hacked or booby-captured site. An attacker can then install programs; view, modify or delete data or create new accounts with full user rights.

Microsoft says that users who have Windows Update enabled and have applied the latest security updates are automatically protected. Windows 10 users can manually check for updates in this way; instructions on how to do it for earlier versions of windows are here.

Tags: CVE-2018-8653, google, Microsoft IE zero day, Satnam Narang, Tenable

This post was published on Wednesday, 19 December 2018 at 16:01 and is filed in time for patch.
You can follow some comments on this post via the RSS 2.0 feed.

You can jump to the end and leave a comment. Pinging is currently not allowed.

Source link