Security News > 2020 > January > Microsoft Warns of Zero-Day Internet Explorer Exploits
Microsoft says it's prepping a patch to fix a memory corruption flaw in multiple versions of Internet Explorer that is being exploited by in-the-wild attackers.
The flaw, which exists in a scripting engine built into Internet Explorer, could be exploited by attackers to remotely execute code of their choosing, Microsoft says.
"An attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email," Microsoft says.
"Windows Server devices are not, in their default settings, at risk."By default, Internet Explorer on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 runs in a restricted mode that is known as Enhanced Security Configuration, Microsoft says in its alert.
"In 2019, Clément also discovered a pair of zero-day vulnerabilities exploited together in the wild in Google Chrome and Microsoft Windows, as well as a zero-day memory corruption vulnerability in Internet Explorer exploited in the wild," says Rody Quinlan, a research engineer in security firm Tenable's security response team, in a blog post.
News URL
https://www.inforisktoday.com/microsoft-warns-zero-day-internet-explorer-exploits-a-13623
Related news
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Botnet exploits GeoVision zero-day to install Mirai malware (source)
- Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- Microsoft launches Zero Day Quest hacking event with $4 million in rewards (source)
- Microsoft announces Zero Day Quest hacking event with big rewards (source)