Criminals are now exploiting a newly found flaw in several popular versions of Microsoft's Internet Explorer browser, according to the company, security researchers at Google and the U.S. Department of Homeland Security. The vulnerability affects certain versions of Internet Explorer 9, 10, and 11, according to the Department of Homeland Security. CVE-2018-8653 is a remote code execution vulnerability caused by the way the scripting engine handles objects in Internet Explorer. By successfully executing the attack, an attacker would gain the same privileges as the currently logged-in user, including the ability to add and remove programs, view or change data, or create new user accounts with full administrator rights.
The company has issued a fix for the flaw outside of its typical Patch Tuesday security cycle, signifying that it is a significant threat and should be patched immediately.
The move came after a Google security engineer uncovered a memory-corruption vulnerability in the browser that was actively being exploited by hackers.
When a manufacturer issues an emergency patch, it is wise to heed the warning and patch the vulnerability. With this type of vulnerability, a hacker somewhere on the internet can remotely access your computer and execute commands that would ordinarily be restricted to a local user.
For users on the Windows 10 Fall Creators Update (version 1709), Microsoft has bumped the OS to build number 16299.847 with KB4483232. According to Satnam Narang of cyber exposure company Tenable, the flaw affects IE11 on Windows 7 through Windows 10, as well as IE9 and IE10 on specific versions of Windows Server.
The vulnerability could be exploited simply by luring users running IE9, IE10 or IE11 to a malicious website, perhaps with a phishing email. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights", said Microsoft on its dedicated website.
Indeed it did, but for backwards compatibility reasons, IE components remain a default part of all Windows versions (with the possible exception of Windows 10 Pro Long Term Service Branch (LTSB), a customisable Windows version used by larger organisations).