Microsoft Zero-Day Actively Exploited, Patch Forthcoming
An unpatched remote code-execution vulnerability in Internet Explorer is being actively exploited in the wild, Microsoft has announced.
"If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system," Microsoft explained.
While Microsoft is aware of "limited targeted attacks," a patch won't be released until next month's Patch Tuesday, according to the computing giant.
Dll, Microsoft detailed a workaround that involves using administrative commands to restrict access to the scripting library.
"Because the provided workaround has multiple negative side effects, and because it is likely that Windows 7 and Windows Server 2008 R2 users without Extended Security Updates will not get the patch at all, we decided to provide a micropatch that simulates the workaround without its negative side effects," the company said in a blog post.
News URL
https://threatpost.com/microsoft-zero-day-actively-exploited-patch/152018/