Microsoft has today released an emergency software package to connect a critical security hole in its Internet Explorer (IE) browser that the attackers already use to break into Windows ] computers
The software giant said it learned about the weakness ( CVE-2018-8653 ) after receiving a report from Google about a new vulnerability used in targeted attacks. Satnam Narang Senior Scientist at Tenable said the vulnerability affects the following installations of IE: Internet Explorer 11 from Windows 7 to Windows 1
"When the error is actively exploited in nature, users are encouraged to update their systems as soon as possible to reduce the risk of compromise," said Narang.
According to a little sparse advice about the patch, malware or attackers can use the failure to break into Windows computers by getting a user to visit a hacked or booby-caught site. An attacker can then install programs; view, change or delete data; or create new accounts with full user privileges.
Microsoft states that users who have Windows Update enabled and have used the latest security updates are automatically protected. Windows 10 users can manually check for updates in this way; Instructions on how to do this for earlier versions of Windows are here.
Tags: CVE-2018-8653, google, Microsoft IE null day, Satnam Narang, Tenable
You can jump to the end and leave a comment. Pinging is currently not allowed.