Microsoft warns about Internet Explorer zero-day, but no patch yet

Internet Explorer IE

Microsoft has published a security advisory today about an Internet Explorer (IE) vulnerability that is currently being exploited in the wild — a so-called zero-day.

The company’s security advisory (ADV200001) currently only includes workarounds and mitigations that can be applied in order to safeguard vulnerable systems from attacks.

At the time of writing, there is no patch for this issue. Microsoft said it was working on a fix, to be released at a later date.

While Microsoft said it was aware that the IE zero-day was being exploited in the wild, the company described these as “limited targeted attacks,” suggesting the zero-day was not broadly exploited, but rather that it was part of attacks aimed at a small number of users.

Coinbase 2

These limited IE zero-day attacks are believed to be part of a larger hacking campaign, which also involves attacks against Firefox users.

Connected to last week’s Firefox zero-day

Last week, Mozilla patched a similar zero-day that was being exploited to attack Firefox users. Mozilla credited Qihoo 360 for discovering and reporting the Firefox zero-day.

In a now-deleted tweet, the Chinese cyber-security firm said the attackers were also exploiting an Internet Explorer zero-day. This appears to be the zero-day that Qihoo 360 researchers mentioned at the time.

No information has been shared about the attacker or the nature of the attacks. Qihoo 360 did not return a request for comment seeking information about the attacks.

RCE in IE

At the technical level, Microsoft described this IE zero-day as a remote code execution (RCE) flaw caused by a memory corruption bug in IE’s scripting engine — the browser component that handles JavaScript code.

Below is Microsoft’s technical description of this zero-day:

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.

All supported Windows desktop and Server OS versions are impacted, Microsoft said.

This IE RCE zero-day does not have a CVE identifier assigned at the moment.

Microsoft patched two similar IE zero-days in September and November 2019. Although IE is not the default browser in the latest Windows OS versions anymore, the browser is still installed with the OS. Users on older Windows releases are the ones primarily at risk.

Microsoft warns about Internet Explorer zero-day, but no patch yet 1
blank
About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts

blank

E-Crypto News Executive Interviews


blank

bitcoin
Bitcoin (BTC) $ 38,806.00
ethereum
Ethereum (ETH) $ 2,516.49
tether
Tether (USDT) $ 1.00
binance-coin
Binance Coin (BNB) $ 324.30
cardano
Cardano (ADA) $ 1.30
xrp
XRP (XRP) $ 0.720024
usd-coin
USD Coin (USDC) $ 1.00
dogecoin
Dogecoin (DOGE) $ 0.199673
polkadot
Polkadot (DOT) $ 17.31
binance-usd
Binance USD (BUSD) $ 1.00
USD
EUR
GBP
bitcoinBitcoin (BTC)
$ 38,806.00
ethereumEthereum (ETH)
$ 2,516.49
tetherTether (USDT)
$ 1.00
bitcoin-cashBitcoin Cash (BCH)
$ 533.96
litecoinLitecoin (LTC)
$ 138.89
bitcoinBitcoin (BTC)
32.700,77
ethereumEthereum (ETH)
2.120,58
tetherTether (USDT)
0,842673
bitcoin-cashBitcoin Cash (BCH)
449,95
litecoinLitecoin (LTC)
117,04
bitcoinBitcoin (BTC)
27,907.96
ethereumEthereum (ETH)
1,809.77
tetherTether (USDT)
0.719166
bitcoin-cashBitcoin Cash (BCH)
384.01
litecoinLitecoin (LTC)
99.88

Automated trading with HaasBot Crypto Trading Bots

Crypto Scams

blank
The World’s Most Infamous Crypto Hacks and Scams
July 31, 2021
Cryptocurrency Exchanges
Cryptocurrency Exchanges and the Plague of Scams and Bans
June 29, 2021
blank
What Role Do Cryptocurrencies Play In The Era Of Ransomware Attacks?
June 9, 2021
Crypto Scams On The Rise As Market Enters Bull Cycle
Crypto Scams On The Rise As Market Enters Bull Cycle
December 22, 2020
Harpreet Singh Sahni perpetrated the Plus Gold Union Coin (PGUC) scam
Sydney Concert Promoter Harpreet Sahni Involved In $50M Crypto PGUC Scam
November 2, 2020

Blockchain/Cryptocurrency Questions and Answers

Short-Sell Cryptocurrency
How to Short-Sell Cryptocurrency: A Brief Overview
July 17, 2021
Klaytn
What Is Klaytn (KLAY) And How Does It Work?
July 16, 2021
Cryptocurrencies
Our Crypto Roundup Interview Asks- Do Cryptocurrencies Have a Future?
July 15, 2021
Solana
What Is Solana (SOL) And How Does It Work?
June 26, 2021
blank
What Is Plethori Platform And How Does It Work?
June 12, 2021


CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin38,702 0.04 % 2.49 % 3.81 %
Ethereum2,516.8 0.75 % 3.13 % 12.85 %
Tether1.000 0.10 % 0.13 % 0.40 %
Binance Coin323.36 0.05 % 3.35 % 6.73 %
Cardano1.300 0.60 % 1.80 % 3.96 %
XRP0.7196 0.35 % 4.63 % 15.32 %
USD Coin1.000 0.02 % 0.02 % 0.72 %
Dogecoin0.1995 0.32 % 3.47 % 3.19 %
Polkadot17.30 0.43 % 5.26 % 24.08 %
Binance USD1.000 0.14 % 0.00 % 0.51 %

bitcoin
Bitcoin (BTC) $ 38,576.00
ethereum
Ethereum (ETH) $ 2,515.34
tether
Tether (USDT) $ 1.00
binance-coin
Binance Coin (BNB) $ 324.29
cardano
Cardano (ADA) $ 1.32
xrp
XRP (XRP) $ 0.719218
usd-coin
USD Coin (USDC) $ 1.00
dogecoin
Dogecoin (DOGE) $ 0.199485
polkadot
Polkadot (DOT) $ 17.50
binance-usd
Binance USD (BUSD) $ 1.00