Security News > 2018 > December > Microsoft Issues Emergency Patch For Under-Attack IE Zero Day
2018-12-20 07:48
Microsoft today issued an out-of-band security update to patch a critical zero-day vulnerability in Internet Explorer (IE) Web browser that attackers are already exploiting in the wild to hack into Windows computers. Discovered by security researcher Clement Lecigne of Google's Threat Analysis Group, the vulnerability, tracked as CVE-2018-8653, is a remote code execution (RCE) flaw in the IE
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/x5EuszKxdrc/internet-explorer-zero-day.html
Related news
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws (source)
- Patch Tuesday: Microsoft fixes 5 actively exploited zero-days (source)
- Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks (source)
- EncryptHub linked to MMC zero-day attacks on Windows systems (source)
- New Windows zero-day leaks NTLM hashes, gets unofficial patch (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-20 | CVE-2018-8653 | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 10/11/9 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. | 7.5 |