Microsoft has issued an emergency update that fixes a critical Internet Explorer vulnerability that attackers are actively exploiting on the Internet.
The memory-corruption flaw allows attackers to remotely execute malicious code when computers use IE to visit a booby-trapped website, Microsoft said Wednesday. Indexed as CVE-2018-8653, the flaw affects all supported versions of Windows. The vulnerability involves the way Microsoft’s scripting engine handles objects in memory in Internet Explorer.
In a separate advisory, Microsoft said the vulnerability is being used in targeted attacks, but the company didn’t elaborate. Microsoft credited Clement Lecigne of Google’s Threat Analysis Group with discovering the vulnerability. No other details were available about the vulnerability or exploits at the time this post was being reported.
Microsoft said that customers who have Windows Update enabled and have applied the latest security updates are automatically protected against exploits. Microsoft said it knows of no workarounds of mitigations. Windows users should ensure their computer installs the update as soon as possible, even if they don’t normally use IE to browse sites.
- [LLODO] Biden is ‘fueling’ cartels, smugglers with immigration policy: Chad Wolf
- [LLODO] Brother of Colorado mom allegedly murdered by boy, 14, was fatally shot years earlier; family wants justice
- [LLODO] New York Public Library will keep Dr. Seuss books on its shelves: Here’s why
- [LLODO] Villanova issues warning after 4 female students say they were sexually assaulted in dorms
- [LLODO] Ex-Maryland police chief dubbed ‘serial arsonist’ allegedly set 12 fires targeting enemies
- [LLODO] COVID highlights college grads’ regret of school choices due to high tuition costs, debt: analysis
- [LLODO] Baltimore HS student fails all but 3 classes over 4 years, ranks near top half of class
- [LLODO] Chicago teen murdered by Latin King gang members over haircut