Microsoft warns about Internet Explorer zero-day, but no patch yet

Internet Explorer IE

Microsoft has published a security advisory today about an Internet Explorer (IE) vulnerability that is currently being exploited in the wild — a so-called zero-day.

The company’s security advisory (ADV200001) currently only includes workarounds and mitigations that can be applied in order to safeguard vulnerable systems from attacks.

At the time of writing, there is no patch for this issue. Microsoft said it was working on a fix, to be released at a later date.

While Microsoft said it was aware that the IE zero-day was being exploited in the wild, the company described these as “limited targeted attacks,” suggesting the zero-day was not broadly exploited, but rather that it was part of attacks aimed at a small number of users.

These limited IE zero-day attacks are believed to be part of a larger hacking campaign, which also involves attacks against Firefox users.

Connected to last week’s Firefox zero-day

Last week, Mozilla patched a similar zero-day that was being exploited to attack Firefox users. Mozilla credited Qihoo 360 for discovering and reporting the Firefox zero-day.

In a now-deleted tweet, the Chinese cyber-security firm said the attackers were also exploiting an Internet Explorer zero-day. This appears to be the zero-day that Qihoo 360 researchers mentioned at the time.

No information has been shared about the attacker or the nature of the attacks. Qihoo 360 did not return a request for comment seeking information about the attacks.

RCE in IE

At the technical level, Microsoft described this IE zero-day as a remote code execution (RCE) flaw caused by a memory corruption bug in IE’s scripting engine — the browser component that handles JavaScript code.

Below is Microsoft’s technical description of this zero-day:

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.

All supported Windows desktop and Server OS versions are impacted, Microsoft said.

This IE RCE zero-day does not have a CVE identifier assigned at the moment.

Microsoft patched two similar IE zero-days in September and November 2019. Although IE is not the default browser in the latest Windows OS versions anymore, the browser is still installed with the OS. Users on older Windows releases are the ones primarily at risk.

About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts

E-Crypto News Executive Interviews

Crypto Scams

Cryptosoft
Cryptosoft Trading Bot Review
June 27, 2022
The Largest Crypto Scams Of 2022 (So Far)
The Largest Crypto Scams Of 2022 (So Far)
June 14, 2022
Scammers
How Do Scammers Entice Their Prey?
May 10, 2022
Beanstalk Farms Loses $80M In A Massive DeFi Governance Flash-Loan Hack
Beanstalk Farms Loses $80M In A Massive DeFi Governance Flash-Loan Hack
April 23, 2022
Prove
Joon Pak Head of Crypto at Prove talks to Us about Crypto Fraud And More
April 11, 2022

Automated trading with HaasBot Crypto Trading Bots

Blockchain/Cryptocurrency Questions and Answers

Is The Crypto Market Combating A Lehman Brothers Moment?
Is The Crypto Market Combating A Lehman Brothers Moment?
June 30, 2022
Russia
Roundtable Interview-What is the Effect of The Russia-Ukraine War on Cryptocurrency Prices?
March 4, 2022
GamStop
How Does Bitcoin Casino Work + 2021 Beginner’s Guide
November 8, 2021
Cryptocurrency
How to Buy and Sell Cryptocurrency
November 8, 2021
What Are Bitcoin Futures And How Will They Work In 2022?
November 4, 2021


CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin19,036 0.08 % 1.21 % 11.57 %
Ethereum1,047.0 0.70 % 0.58 % 15.85 %
Tether1.002 0.19 % 0.15 % 0.18 %
USD Coin1.002 0.00 % 0.02 % 0.11 %
BNB215.21 0.99 % 0.60 % 10.30 %
Binance USD1.003 0.10 % 0.10 % 0.03 %
Cardano0.4469 0.21 % 1.04 % 10.30 %
XRP0.3118 0.35 % 0.84 % 15.11 %
Solana32.35 1.37 % 2.33 % 23.68 %
Dogecoin0.06553 0.09 % 2.26 % 4.43 %

bitcoin
Bitcoin (BTC) $ 19,030.53
ethereum
Ethereum (ETH) $ 1,051.81
tether
Tether (USDT) $ 0.999863
usd-coin
USD Coin (USDC) $ 1.00
bnb
BNB (BNB) $ 215.89
binance-usd
Binance USD (BUSD) $ 1.00
cardano
Cardano (ADA) $ 0.447337
xrp
XRP (XRP) $ 0.312046
solana
Solana (SOL) $ 32.69
dogecoin
Dogecoin (DOGE) $ 0.065498