Microsoft warns of security vulnerabilities in the browser, but has not yet fixed them
Microsoft has released a security bulletin about security vulnerabilities in Internet Explorer that are currently being exploited. However, the company's ADV200001 security bulletin currently contains only workarounds that can protect vulnerable systems from attacks; it does not yet include a fix for the problem.
Microsoft has announced that it is working on a fix that will be released later. Although the company has made clear that it is aware the Internet Explorer vulnerability is currently being exploited, it still describes the attacks as targeted.
Microsoft has made clear that the vulnerability has not been widely exploited and that the attacks seen so far have been aimed at only a small number of users. These limited attacks on Internet Explorer are believed to be part of a wider hacking campaign that also includes attacks on Firefox users.
Mozilla fixed a similar vulnerability last week that was being used against Firefox users. The company attributed the discovery of the flaw in its browser to the Chinese cyber security company Qihoo 360, which said in a tweet that the attackers were also using an Internet Explorer vulnerability.
No information was released about the attacker or the nature of the attack, but on the technical side Microsoft stated that the vulnerability is a remote code execution (RCE) flaw caused by a memory error in the browser's scripting engine (the component that handles JavaScript code).
The company said that a remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Internet Explorer, and that it could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
"If the operation is successful, the attacker can gain the privileges of the current user. If the current user has high administrator privileges, the attacker can control the affected system, install programs, change or delete data, and create new programs."
In a web attack scenario, an attacker could host a website specifically designed to exploit this vulnerability and then trick users into viewing the site by sending them an email. Microsoft states that the issue affects all versions of Windows Internet Explorer.
The company fixed similar flaws in September and November 2019. Although Internet Explorer is no longer the default browser in the latest version of Windows, it is still easy to install on this operating system, and users of older versions of Windows remain exposed to attack.