Microsoft Issues Emergency Patch For IE

Microsoft has rushed out an emergency patch for its Internet Explorer browser to address a critical flaw that is being exploited in the wild.

The flaw is said to be a scripting-engine memory-corruption bug designated CVE-2019-1367 and attackers are said to have built booby-trapped websites to exploit the flaw.

Microsoft typically issues patches and repairs as part of its monthly Patch Tuesday update cycle, but in serious cases such as this, it can issue emergency patches.

IE flaw

“A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer,” said Microsoft in its advisory, which affects Internet Explorer version 9 to 11.

“The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user,” it warned. “An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system.”

“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Redmond warned. “In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.”

The patch addresses the vulnerability by modifying how the scripting engine handles objects in memory.

The IE vulnerability was reportedly discovered by engineer Clement Lecigne who works for Google’s Threat Analysis Group.

In March this year, Lecigne warned users of a couple serious zero-day vulnerabilities that affects both the Windows operating system and Google Chrome users.

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

3 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

6 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

7 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

8 hours ago