View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
December 20, 2018

Internet Explorer Patch: Google to Microsoft, You Should Probably Fix That

Vulnerability allowed attacker to gain full privileges from user just visiting a web-page

By CBR Staff Writer

Microsoft has released an update for Internet Explore after Google’s Threat Analysis Group discovered a vulnerability that allowed threat actors to inject malware into your system if you visit their webpage.

The remote-code execution vulnerability in the scripting engine, vulnerability CVE-2018-8653 was swiftly patched by Microsoft due to the seriousness of the threat.

Microsoft security response centre’s team wrote that: “A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.”

“The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.”

If an threat actor has established a website with this vulnerability in mind then simply visiting the website using Internet Explorer would be enough to let them inject code through the browser into your system.

To make matters worse if you are also logged in with administration privileges then the attacker gains these through the vulnerability, allowing them to take control of the system and then inject code or install programs, deleted data or do anything they want because they now have full users rights.

Internet Explorer Update

Microsoft security also outlined a not-too-hard to imagine scenario where a threat actor uses an email campaign to get users to visit websites exploiting the bug.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

The company commented that: “An attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.”

The security update Microsoft has rolled out mitigates the vulnerability by modifying how the scripting engine handles objects in memory.

See Also: NASA Servers Breached: “A Top Agency Priority”

Microsoft has thanked the team at Google for pointing out this massive flaw in their scripting engine. MSCRC team commented that: “Today, we released a security update for Internet Explorer after receiving a report from Google about a new vulnerability being used in targeted attacks.”

“Customers who have Windows Update enabled and have applied the latest security updates, are protected automatically. We encourage customers to turn on automatic updates.”

“Microsoft would like to thank Google for their assistance”

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.