A couple of days ago, Microsoft released a security patch to fix a new Internet Explorer zero-day vulnerability. According to many reports, the IE 0-day security flaw has been heavily exploited recently. As Microsoft reported, credit for discovering and reporting the vulnerability goes to Clement Lecigne of Google’s Threat Analysis Group.
According to a security advisory published along with the security patch, the new Internet Explorer zero-day vulnerability permits cyberattackers to execute malicious code on a victim’s computer. Tracked as CVE-2018-8653, this security flaw is exploitable in web-based scenarios where a hacker lures a visitor to an infected site and then runs malicious code on the user’s PC.
According to Microsoft, the cyberattacker would execute the malicious code with the same privileges the user has on the computer. Therefore, if an Internet Explorer user with limited access is lured to an infected site, the hacker's code also has to run in a restricted environment, mostly confined to simple operations.
Microsoft Released A Security Patch To Tackle A New Internet Explorer Zero-Day Vulnerability
The situation is challenging for Microsoft. The company has already patched other IE 0-day vulnerabilities in recent months, namely the security flaws tracked as CVE-2018-8611, CVE-2018-8589, CVE-2018-8453, and CVE-2018-8440. So, a user who has not updated their IE with the previous security patches might be exposed to more than just the recently tackled Internet Explorer zero-day vulnerability.
On December 19th, 2018, Microsoft released KB4483187, KB4483230, KB4483234, KB4483235, KB4483232, KB4483228, and KB4483229 to tackle the new Internet Explorer zero-day vulnerability.
As the winter holidays are getting closer and many IT departments in companies around the world might not have the time to install the security patches, Microsoft also published a security advisory with some workarounds that IT specialists can use to restrict access to the IE scripting engine until they install the recently released updates.