Security News > 2020 > January > Microsoft Warns of Zero-Day Internet Explorer Exploits

Microsoft says it's prepping a patch to fix a memory corruption flaw in multiple versions of Internet Explorer that is being exploited by in-the-wild attackers.

The flaw, which exists in a scripting engine built into Internet Explorer, could be exploited by attackers to remotely execute code of their choosing, Microsoft says.

"An attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email," Microsoft says.

"Windows Server devices are not, in their default settings, at risk."By default, Internet Explorer on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 runs in a restricted mode that is known as Enhanced Security Configuration, Microsoft says in its alert.

"In 2019, Clément also discovered a pair of zero-day vulnerabilities exploited together in the wild in Google Chrome and Microsoft Windows, as well as a zero-day memory corruption vulnerability in Internet Explorer exploited in the wild," says Rody Quinlan, a research engineer in security firm Tenable's security response team, in a blog post.

News URL

https://www.inforisktoday.com/microsoft-warns-zero-day-internet-explorer-exploits-a-13623