Researchers have identified a serious security flaw in Microsoft's popular Internet Explorer 11 web browser. Discovered by security firm Kaspersky, the bug could be exploited by hackers to remotely execute code on a targeted device and gain administrative privileges. The vulnerability is also zero-day, meaning hackers were able to exploit it before Microsoft could manage a patch, and it received a critical severity rating of 7.5/10, according to the Common Vulnerability Scoring System (CVSS).
Internet Explorer vulnerability
According to the Microsoft report, the bug was found in the browser's scripting engine and is related to the way objects are handled in memory. “The vulnerability could corrupt memory so that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user,” the company explained. This could be particularly problematic if an attacker attacks a device administrator, allowing them to install software, modify or delete data, and create new accounts with full access privileges. In late spring, the exploit was used in the wild to attack a company in South Korea, but the attack was mitigated by Kaspersky. It is not known if zero-day has been abused in other attacks. “When there are wild attacks with zero-day vulnerabilities, it is always great news for the cybersecurity community. Successful detection of such a vulnerability immediately forces vendors to release a patch and forces users to install all necessary updates, ”said Boris Larin, Kaspersky security expert. “This case includes an exploit with remote code execution capabilities, which is more dangerous. Along with the possibility of affecting the latest versions of Windows 10, the discovered attack is really rare these days. " Microsoft provided a fix for the Internet Explorer bug this week, as part of the August 2020 Tuesday patch. To protect against attacks, users are encouraged to update to the latest version immediately.