Menu
Microsoft delivers emergency patch for under-attack Internet Explorer

Microsoft delivers emergency patch for under-attack Internet Explorer

Redmond issued a rare emergency security update to fix a zero-day vulnerability – reported by a Google security engineer – in the still-supported IE9, IE10 and IE11

Microsoft rarely mentions Internet Explorer (IE) anymore, but when it does, it usually means bad news.

So it was Wednesday, when Microsoft issued a rare emergency security update to plug a critical vulnerability in the still-supported IE9, IE10 and IE11. The flaw was reported to Microsoft by Google security engineer Clement Lecigne.

According to Microsoft, attackers are already exploiting the vulnerability, making it a classic "zero-day" bug. Because of that, the company released a fix before the next round of security updates scheduled for 8 January.

The update was issued to Windows 7, 8.1 and 10 - the latter with patches for versions 1607 and later - as well as Windows Server 2008, 2012, 2016 and 2019.

(Updates for some versions of Windows 10 - 1607 and 1703 - were available only to Windows 10 Enterprise and Windows 10 Education).

"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer," Microsoft stated in the CVE-2018-8653 support document. "The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user."

The vulnerability could be exploited simply by drawing users running IE9, IE10 or IE11 to a malicious website, perhaps with a phishing email.

Microsoft demoted IE to legacy status in early 2016; although the firm promised to continue patching the browser's vulnerabilities, it stopped improving or enhancing it.

The only reason Microsoft still serviced IE was so business users of Windows 7, 8.1 and 10 could continue to run custom web apps and aged intranet sites. The future, Microsoft has said time and time again, is Edge, which runs only on Windows 10.

In November, IE accounted for just 9.6 per cent of global browser user share, as measured by analytics vendor Net Applications, and approximately 11 per cent of all Windows PCs.

Those numbers masked a more serious problem: In the preceding 12 months, IE lost one-fifth of its users, an unsustainable rate of decline.

The IE security fix will be automatically offered, downloaded and installed on most unmanaged Windows PCs.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Microsoft

Brand Post

Featured

Slideshows

Tech industry comes out in force as Lancom turns 30

Tech industry comes out in force as Lancom turns 30

A host of leading vendors and customers came together to celebrate the birthday of Lancom Technology in New Zealand, as the technology provider turned 30.

Tech industry comes out in force as Lancom turns 30
The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Show Comments