Microsoft Issues Emergency Patch For Under-Attack IE Zero Day
Microsoft today issued an out-of-band security update to patch a critical zero-day vulnerability in Internet Explorer (IE) Web browser that attackers are already exploiting in the wild to hack into Windows computers.
Discovered by security researcher Clement Lecigne of Google’s Threat Analysis Group, the vulnerability, tracked as CVE-2018-8653, is a remote code execution (RCE) flaw in the IE browser’s scripting engine.
According to the advisory, an unspecified memory corruption vulnerability resides in the scripting engine JScript component of Microsoft Internet Explorer that handles execution of scripting languages.
If exploited successfully, the vulnerability could allow attackers to execute arbitrary code in the context of the current user.
images from Hacker News