Microsoft warns about Internet Explorer zero-day, but no patch yet

Internet Explorer IE

Microsoft has published a security advisory today about an Internet Explorer (IE) vulnerability that is currently being exploited in the wild — a so-called zero-day.

The company’s security advisory (ADV200001) currently only includes workarounds and mitigations that can be applied in order to safeguard vulnerable systems from attacks.

At the time of writing, there is no patch for this issue. Microsoft said it was working on a fix, to be released at a later date.

While Microsoft said it was aware that the IE zero-day was being exploited in the wild, the company described these as “limited targeted attacks,” suggesting the zero-day was not broadly exploited, but rather that it was part of attacks aimed at a small number of users.

These limited IE zero-day attacks are believed to be part of a larger hacking campaign, which also involves attacks against Firefox users.

Connected to last week’s Firefox zero-day

Last week, Mozilla patched a similar zero-day that was being exploited to attack Firefox users. Mozilla credited Qihoo 360 for discovering and reporting the Firefox zero-day.

In a now-deleted tweet, the Chinese cyber-security firm said the attackers were also exploiting an Internet Explorer zero-day. This appears to be the zero-day that Qihoo 360 researchers mentioned at the time.

No information has been shared about the attacker or the nature of the attacks. Qihoo 360 did not return a request for comment seeking information about the attacks.


At the technical level, Microsoft described this IE zero-day as a remote code execution (RCE) flaw caused by a memory corruption bug in IE’s scripting engine — the browser component that handles JavaScript code.

Below is Microsoft’s technical description of this zero-day:

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.

All supported Windows desktop and Server OS versions are impacted, Microsoft said.

This IE RCE zero-day does not have a CVE identifier assigned at the moment.

Microsoft patched two similar IE zero-days in September and November 2019. Although IE is not the default browser in the latest Windows OS versions anymore, the browser is still installed with the OS. Users on older Windows releases are the ones primarily at risk.

About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts

E-Crypto News Executive Interviews

Automated trading with HaasBot Crypto Trading Bots

Crypto Scams

Millions in Cryptocurrency Stolen by Scammers in the Last Month According to Tenable Research
November 24, 2021
Behind The Scenes: How this Crypto Community Responded to + $50m Hack
October 18, 2021
Crypto Scams
Crypto Scams Still Persistent In 2021, SEC Warns About Red Flags To Watch
September 9, 2021
Poly Network
Here’s How Hackers Stole Over $600 million in the Poly Network Attack
August 12, 2021
The World’s Most Infamous Crypto Hacks and Scams
July 31, 2021

Blockchain/Cryptocurrency Questions and Answers

Crypto casinos
How Does Bitcoin Casino Work + 2021 Beginner’s Guide
November 8, 2021
How to Buy and Sell Cryptocurrency
November 8, 2021
What Are Bitcoin Futures And How Will They Work In 2022?
November 4, 2021
The Unconventional Guide to Ethereum
October 28, 2021
ICo Presale
The Science Behind ICO Presales…
October 14, 2021

CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin58,447 0.57 % 2.18 % 3.65 %
Ethereum4,672.0 1.32 % 7.68 % 13.92 %
Binance Coin627.39 0.42 % 0.95 % 12.04 %
Tether0.9986 0.03 % 0.08 % 0.23 %
Solana214.76 0.63 % 2.93 % 0.76 %
Cardano1.610 0.66 % 1.76 % 9.65 %
XRP1.020 1.05 % 4.33 % 1.63 %
Polkadot30.87 2.19 % 17.29 % 10.73 %
USD Coin1.000 0.14 % 0.20 % 0.17 %
Dogecoin0.2215 0.68 % 1.42 % 7.23 %

Bitcoin (BTC) $ 58,556.00
Ethereum (ETH) $ 4,668.67
Binance Coin (BNB) $ 628.98
Tether (USDT) $ 1.00
Solana (SOL) $ 215.54
Cardano (ADA) $ 1.61
XRP (XRP) $ 1.02
Polkadot (DOT) $ 37.80
USD Coin (USDC) $ 1.00
Dogecoin (DOGE) $ 0.222198