Together, towards a better future

Unpatched IE Browser Zero-Day That's Under Active Attacks

Microsoft earlier today issued an emergency security advisory warning millions of Windows users of a new zero-day vulnerability in Internet Explorer (IE) browser that attackers are actively exploiting in the wild — and there is no patch yet available for it.


1 min read
Unpatched IE Browser Zero-Day That's Under Active Attacks

The company's security advisory (ADV200001) currently only includes workarounds and mitigations that can be applied in order to safeguard vulnerable systems from attacks.

A remote attacker can execute arbitrary code on targeted computers and take full control over them just by convincing victims into opening a maliciously crafted web page on the vulnerable Microsoft browser.

At the time of writing, there is no patch for this issue. Microsoft said it was working on a fix, to be released at a later date.

"The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user," the advisory says.

These limited IE zero-day attacks are believed to be part of a larger hacking campaign, which also involves attacks against Firefox users.

The affected web browsing software includes — Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 running on all versions of Windows 10, Windows 8.1, and the recently-discontinued Windows 7.

Newsletter
Get all the latest posts delivered straight to your inbox!
🎉 You've successfully subscribed to Hack Hex!
OK