Menu
Microsoft delivers emergency patch for under-attack Internet Explorer

Microsoft delivers emergency patch for under-attack Internet Explorer

Redmond issued a rare emergency security update to fix a zero-day vulnerability – reported by a Google security engineer – in the still-supported IE9, IE10 and IE11

Microsoft rarely mentions Internet Explorer (IE) anymore, but when it does, it usually means bad news.

So it was Wednesday, when Microsoft issued a rare emergency security update to plug a critical vulnerability in the still-supported IE9, IE10 and IE11. The flaw was reported to Microsoft by Google security engineer Clement Lecigne.

According to Microsoft, attackers are already exploiting the vulnerability, making it a classic "zero-day" bug. Because of that, the company released a fix before the next round of security updates scheduled for 8 January.

The update was issued to Windows 7, 8.1 and 10 - the latter with patches for versions 1607 and later - as well as Windows Server 2008, 2012, 2016 and 2019.

(Updates for some versions of Windows 10 - 1607 and 1703 - were available only to Windows 10 Enterprise and Windows 10 Education).

"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer," Microsoft stated in the CVE-2018-8653 support document. "The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user."

The vulnerability could be exploited simply by drawing users running IE9, IE10 or IE11 to a malicious website, perhaps with a phishing email.

Microsoft demoted IE to legacy status in early 2016; although the firm promised to continue patching the browser's vulnerabilities, it stopped improving or enhancing it.

The only reason Microsoft still serviced IE was so business users of Windows 7, 8.1 and 10 could continue to run custom web apps and aged intranet sites. The future, Microsoft has said time and time again, is Edge, which runs only on Windows 10.

In November, IE accounted for just 9.6 per cent of global browser user share, as measured by analytics vendor Net Applications, and approximately 11 per cent of all Windows PCs.

Those numbers masked a more serious problem: In the preceding 12 months, IE lost one-fifth of its users, an unsustainable rate of decline.

The IE security fix will be automatically offered, downloaded and installed on most unmanaged Windows PCs.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Microsoft

Featured

Slideshows

Malwarebytes shoots the breeze with channel, prospects

Malwarebytes shoots the breeze with channel, prospects

A Kumeu, Auckland, winery was the venue for a Malwarebytes event for partner and prospect MSPs - with some straight shooting on the side. The half-day getaway, which featured an archery competition, lunch and wine-tasting aimed at bringing Malwarebytes' local New Zealand and top and prospective MSP partners together to celebrate recent local successes, and discuss the current state of malware in New Zealand. This was also a unique opportunity for local MSPs to learn about how they can get the most out of Malwarebytes' MSP program and offering, as more Kiwi businesses are targeted by malware.

Malwarebytes shoots the breeze with channel, prospects
EDGE 2019: Channel forges new partnerships during evening networking

EDGE 2019: Channel forges new partnerships during evening networking

Partners, vendors and distributors reconnected during a number of social gatherings during EDGE 2019. The first evening saw the channel congregate for a welcome party at the Hamilton Island yacht club, while the main poolside proved to be the perfect stop for a barbecue on the final night.

EDGE 2019: Channel forges new partnerships during evening networking
Show Comments