Microsoft warns of Internet Explorer vulnerability

Microsoft has released a security update for Internet Explorer after receiving a report from Google about a new vulnerability that is being used in targeted attacks.

Security vulnerabilities in applications can be used to execute malicious code on your systems, and using the latest version of applications is one way that you can better protect yourself, as we explain in the Essential Eight.

According to Microsoft, customers who have Windows Update enabled and have applied the latest security update are protected automatically.

‘We encourage customers to turn on automatic updates,’ Microsoft said. ‘An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.’

‘If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,’ Microsoft said.

‘In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email,’ Microsoft said.

More information is available from Microsoft in CVE-2018-8653 | Scripting Engine Memory Corruption Vulnerability.

For more information about mitigation strategies to help you protect yourself, read the Essential Eight Explained.