Microsoft Issues Emergency Patch For IE

Microsoft has rushed out an emergency patch for its Internet Explorer browser to address a critical flaw that is being exploited in the wild.

The flaw is said to be a scripting-engine memory-corruption bug designated CVE-2019-1367 and attackers are said to have built booby-trapped websites to exploit the flaw.

Microsoft typically issues patches and repairs as part of its monthly Patch Tuesday update cycle, but in serious cases such as this, it can issue emergency patches.

IE flaw

“A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer,” said Microsoft in its advisory, which affects Internet Explorer version 9 to 11.

“The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user,” it warned. “An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system.”

“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Redmond warned. “In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.”

The patch addresses the vulnerability by modifying how the scripting engine handles objects in memory.

The IE vulnerability was reportedly discovered by engineer Clement Lecigne who works for Google’s Threat Analysis Group.

In March this year, Lecigne warned users of a couple serious zero-day vulnerabilities that affects both the Windows operating system and Google Chrome users.

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Meta Building Fastest AI Supercomputer In The World

Facebook building the world’s fastest AI supercomputer to help detect and moderate offensive posts and…

2 hours ago

Nvidia Preparing To Abandon $40bn ARM Acquisition – Report

Facing many regulatory probes and lawsuits, Nvidia tells its partners it is preparing to abandon…

4 hours ago

Vodafone To Switch Off 3G Network Next Year

Mobile operators press ahead with early retirement of old networks, as Vodafone sets 2023 deadline…

6 hours ago

Online Safety Bill Is A ‘Missed Opportunity,’ MPs Warn

DCMS committee says draft version of landmark online safety bill is not robust or clear…

7 hours ago

Julian Assange Wins Right To Ask Supreme Court For Extradition Appeal

Another twist. Julian Assange wins right to ask UK's Supreme Court if it will hear…

7 hours ago

ICO Disagrees With Government-Backed Encryption Campaign

UK data protection watchdog, the ICO, says encryption provides protections for children, after government-backed campaign…

8 hours ago