Security News > 2020 > January > Microsoft Warns of Unpatched IE Browser Zero-Day That's Under Active Attacks

Microsoft earlier today issued an emergency security advisory warning millions of Windows users of a new zero-day vulnerability in Internet Explorer browser that attackers are actively exploiting in the wild - and there is no patch yet available for it.
A remote attacker can execute arbitrary code on targeted computers and take full control over them just by convincing victims into opening a maliciously crafted web page on the vulnerable Microsoft browser.
"The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user," the advisory says.
"If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
Microsoft is aware of 'limited targeted attacks' in the wild and working on a fix, but until a patch is released, affected users have been provided with workarounds and mitigation to prevent their vulnerable systems from cyberattacks.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/v0UAaoV7kvM/internet-explorer-zero-day-attack.html
Related news
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Google fixes Android kernel zero-day exploited in attacks (source)
- 7-Zip MotW bypass exploited in zero-day attacks against Ukraine (source)
- CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks (source)
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) (source)