[ Dec 20, 2018 ]
Microsoft Corp. today issued a rare standalone security update for Internet Explorer after the discovery of an actively exploited vulnerability.
Discovered by Google’s Threat Analysis Group, it’s described as a vulnerability in the way in which the Internet Explorer scripting engine handles objects in memory.
“The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user,” Microsoft explained in a so-called “out-of-band” security advisory. “An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.”
The company added that if the current user is logged on with administrative user rights, “an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
The vulnerability can be triggered in a variety of ways, including via a specially crafted web page that a user visits according to the Cisco Talos Intelligence Group.
Cyber Security Tips:
As the flaw is being actively exploited in the wild, users are urged to update their systems as soon as possible to reduce the risk of compromise.