Microsoft has pushed out an emergency update for Internet Explorer to patch a flaw which has already been active for quite some time. Although the company officially replaced Internet Explorer with its newer Edge browser on Windows 10, some consumers are still using it. As a result, Microsoft will continue to roll out regular security updates for IE until it stops supporting the previous two Windows versions. This is especially good news right now because the security flaw patched by the emergency update is very serious.
The company didn’t provide many details about the exploit being patched via the emergency update for Internet Explorer. However, it did release a support document about the update, which is entitled “CVE-2018-8653.” The document describes an attack in which a remote code execution is possible in the IE scripting engine, which hackers can then use to control objects in the computer’s memory.
If a hacker discovered this vulnerability and then executed an attack, they would receive the same privileges as users who are actually logged in on their computers. This would give them access to everything on that computer and even enable them to add and remove programs, change data, and add more accounts in the case of users with administrator rights. With the patch, Microsoft fixed the problem which concerned handling objects in memory.
“In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email,” Microsoft wrote.
According to ComputerWorld, Microsoft learned about the exploit from Google engineer Clement Lecigne. The bug is a classic zero-day vulnerability, which means hackers have already been exploiting it. As a result, the company immediately pushed out an emergency update for Internet Explorer to patch the vulnerability because waiting for the regular security update on Jan. 8 could jeopardize many more users and their data.
The exploit was active in the version of IE11 which was rolled out to PCs and laptops running on Windows 7, Windows 8 and Windows 10. This includes Windows Server 2012, 2016 and 2019. Even previous versions of Internet Explorer, including IE9, which is active on Windows Server 2008, and IE10, which is running on Windows Server 2012, are impacted by the exploit. Supposedly older IE versions on Windows 7 are also impacted, although IE11 is the only version of Internet Explorer still being supported through regular security updates.
Even though many would agree that most other browsers are better than Internet Explorer, some people are creatures of habit who will wait as long as possible before switching to a different internet browser. Those who are still using IE are advised to switch to Edge, Chrome or Firefox as their main browser, although unfortunately there are still a few websites which work better on Internet Explorer.
Users who run Windows Update should have already received the emergency update for Internet Explorer, but you can double-check whether you have received it here or here.
