Security News > 2020 > January > Microsoft to Patch Internet Explorer Vulnerability Exploited in Targeted Attacks
Microsoft announced on Friday that it's in the process of developing a patch for a zero-day vulnerability in Internet Explorer that has been exploited in targeted attacks, reportedly by a threat group tracked as DarkHotel.
According to Microsoft, the vulnerability can be exploited for remote code execution in the context of the targeted user.
Microsoft says it has learned about the vulnerability from Google's Threat Analysis Group and Chinese cybersecurity firm Qihoo 360, which have apparently seen the weakness being exploited in limited, targeted attacks.
Qihoo 360 has found evidence suggesting that the vulnerability has been exploited by the DarkHotel threat group, which some believe may be sponsored by South Korea.
Security professionals have advised users to simply stop using Internet Explorer, but as an advisory published last week by Siemens shows, some web-based software can still only run in Internet Explorer.
News URL
Related news
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks (source)
- Botnet targets Basic Auth in Microsoft 365 password spray attacks (source)
- MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364) (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)