Exploit Details Emerge for Unpatched Microsoft Bug

2021-02-18 17:59

New details have emerged about an unpatched security vulnerability in Microsoft's Internet Explorer that was recently used in a complex campaign against security researchers.

In early February, cybersecurity researchers at South Korean consultancy ENKI identified a zero-day exploit that it said was used in the researcher attack.

The vulnerability in question exists in Microsoft Internet Explorer, and at the time of writing remains unpatched, though Microsoft said it was looking into the bug report.

Delivering the exploit in an MHTML file does ensure recipients would open it in Internet Explorer, which is registered to open this file type, according to researchers at 0patch, which released an additional analysis of the bug on Thursday.

In breaking down ENKI's proof-of-concept exploit, researchers at 0patch were able to uncover more details on the bug.

Researchers at 0patch also disclosed additional details on how the bug could be weaponized.

News URL

https://threatpost.com/exploit-details-unpatched-microsoft-bug/164083/

#exploit #microsoft

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Microsoft		723	807	4714	4722	3647	13890

News URL

Related news

Related vendor