Internet Explorer Bug Allows Hackers to Take Over PCs

Microsoft issued an unscheduled security patch yesterday to fix two vulnerabilities: an Internet Explorer bug and a Microsoft Defender DoS bug.

Image courtesy of Shutterstock

On Monday, Microsoft issued a rare emergency security patch for a recently discovered Internet Explorer bug that was actively exploited by hackers in the wild.

Tracked as CVE-2019-1367, the bug was found by Clément Lecigne of Google’s Threat Analysis Group. The vulnerability is a remote code execution flaw in the way the Microsoft scripting engine handles objects in memory in IE.

In a security update advisory published by Microsoft, the company explained:

“The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Internet Explorer Bug: Another Reason Not to Use IE

According to Microsoft, the Internet Explorer bug can be used by a malicious website or email to hijack Windows PCs. In other words, if an unsuspecting victim uses IE to view a booby-trapped website or message set up by an attacker, the attacker could easily inject other software to run on the PC.

The advisory issued by Microsoft confirmed that the bug had been actively exploited in the wild. However, it gave no details about those attacks. The vulnerability affects IE versions 9, 10, and 11 running on Windows 7, 8.1, and 10.

Security researchers consider IE more vulnerable to hacking attacks than Edge. For that reason, IE users have been advised time and again to switch to Edge or to other browsers such as Mozilla Firefox and Google Chrome.

Microsoft also released a separate unscheduled update to fix a denial-of-service vulnerability found in the Microsoft Defender antimalware engine. Formerly known as Windows Defender, the antivirus ships with Windows 8 and more recent versions of Microsoft's operating system.

Tracked as CVE-2019-1255, the bug was reported to Microsoft by Charalampos Billinis of F-Secure Countercept and Wenxu Wu of Tencent Security Xuanwu Lab. If it were exploited, attackers could stop “legitimate accounts from executing legitimate system binaries.”

Again, people using IE and Windows versions affected by these vulnerabilities are advised to update their computers now.


Rechelle Ann Fuertes

Rechelle is an SEO content producer, technical writer, researcher, social media manager, and visual artist. She enjoys traveling and spending time anywhere near the sea with family and friends.
