Security News > 2020 > January > Microsoft Warns of Zero-Day Internet Explorer Exploits
Microsoft says it's prepping a patch to fix a memory corruption flaw in multiple versions of Internet Explorer that is being exploited by in-the-wild attackers.
The flaw, which exists in a scripting engine built into Internet Explorer, could be exploited by attackers to remotely execute code of their choosing, Microsoft says.
"An attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email," Microsoft says.
"Windows Server devices are not, in their default settings, at risk."By default, Internet Explorer on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 runs in a restricted mode that is known as Enhanced Security Configuration, Microsoft says in its alert.
"In 2019, Clément also discovered a pair of zero-day vulnerabilities exploited together in the wild in Google Chrome and Microsoft Windows, as well as a zero-day memory corruption vulnerability in Internet Explorer exploited in the wild," says Rody Quinlan, a research engineer in security firm Tenable's security response team, in a blog post.
News URL
https://www.inforisktoday.com/microsoft-warns-zero-day-internet-explorer-exploits-a-13623
Related news
- Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234) (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included (source)
- Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days (source)
- Exploit code for Palo Alto Networks zero-day now public (source)
- Microsoft: APT28 hackers exploit Windows flaw reported by NSA (source)
- Microsoft: APT28 hackers exploit Windows flaw reported by NSA (source)
- Prompt Hacking, Private GPTs, Zero-Day Exploits and Deepfakes: Report Reveals the Impact of AI on Cyber Security Landscape (source)
- ArcaneDoor hackers exploit Cisco zero-days to breach govt networks (source)
- State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage (source)