Following the disclosure of a major security vulnerability in Internet Explorer that is currently being exploited by hackers, Microsoft has confirmed its existence even if the software giant does not intend to immediately release a patch to fix it. The security hole in the company's old browser was first exposed by an internal security division called US-CERT, which reports major security holes, in a tweet containing a link. to a security advisory about the error. According to the opinion, the vulnerability has already been "detected in exploits in the wild." According to Microsoft, all supported versions of Windows, including Windows 7, which will no longer receive security updates, are affected by the flaw.
Internet Explorer vulnerability
The vulnerability relates to the way Internet Explorer handles memory, and an attacker could exploit the flaw to remotely execute malicious code on an affected computer. It also bears a striking resemblance to a similar vulnerability that was recently disclosed by Mozilla. The Chinese security research team Qihoo 360 was the first to discover the security breach used by attackers in the wild. However, the research team, Microsoft, and Mozilla do not yet know which attackers are exploiting the flaw, how they are doing it, or who they are targeting. The security breach appears to be so serious that even the US Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about it, which reads as follows: "The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to refer to Microsoft advisory ADV20001 and CERT/CC vulnerability note VU #338824 for more details, implement fixes, and apply updates when available Consider using Microsoft Edge or another browser until fixes are in place Microsoft is currently working on a fix for the problem, but it's unlikely to arrive until the company's next set of monthly security fixes, scheduled for February 11. Via TechCrunch