{"id":40241,"date":"2020-01-20T13:55:32","date_gmt":"2020-01-20T13:55:32","guid":{"rendered":"http:\/\/icloud.pe\/blog\/?guid=18d489a2d80fa84168910a818958a58d"},"modified":"2020-01-20T13:55:32","modified_gmt":"2020-01-20T13:55:32","slug":"exploited-internet-explorer-flaw-wont-be-patched-until-next-month","status":"publish","type":"post","link":"https:\/\/icloud.pe\/blog\/exploited-internet-explorer-flaw-wont-be-patched-until-next-month\/","title":{"rendered":"Exploited Internet Explorer flaw won&#8217;t be patched until next month"},"content":{"rendered":"<p><span class=\"field field-name-field-author field-type-node-reference field-label-hidden\"><br \/>\n      <span class=\"field-item even\">Nicole Kobie<\/span><br \/>\n  <\/span><\/p>\n<div class=\"field field-name-field-published-date field-type-datetime field-label-hidden\">\n<div class=\"field-items\">\n<div class=\"field-item even\"><span class=\"date-display-single\">20 Jan, 2020<\/span><\/div>\n<\/p><\/div>\n<\/div>\n<p class=\"short-teaser\">\n<a href=\"https:\/\/www.cloudpro.co.uk\/\" title=\"\" class=\"combined-link\"><\/a><\/p>\n<div class=\"field field-name-body\">\n<p><span data-cke-copybin-start=\"1\">\u200b<\/span>Microsoft has warned that millions of people still using\u00a0the Internet Explorer\u00a0browser could be at risk from a zero-day flaw that is actively being exploited by hackers.<\/p>\n<p>The flaw, which is in a scripting engine of the <a href=\"https:\/\/www.itpro.co.uk\/web-browsers\/24796\/which-is-the-best-browser-chrome-vs-firefox-vs-microsoft-edge\">browser<\/a>,\u00a0makes use of memory corruption to execute code. &#8220;An attacker who successfully exploited the vulnerability could gain the same user rights as the current user,&#8221; Microsoft noted in its <a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/ADV200001\">security guidance<\/a>. &#8220;If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system.&#8221;<\/p>\n<p>That could let attackers install programs, access data, or create new accounts, the company noted.<\/p>\n<p>&#8220;One way in which the vulnerability could be exploited is via a web-based attack, where users could be lured into visiting a boobytrapped webpage \u2013 perhaps via a malicious link in an email,&#8221; security and industry analyst Graham Cluley noted in a <a href=\"https:\/\/www.grahamcluley.com\/microsoft-internet-explorer-zero-day\/\">blog post<\/a>.<\/p>\n<p>Cluley added that the flaw appeared to be related to a similar vulnerability in <a href=\"https:\/\/www.itpro.co.uk\/security\/zero-day-exploit\/354485\/mozilla-fixes-firefox-zero-day-being-actively-exploited\" >Mozilla Firefox<\/a> spotted earlier this month. The discovery of both flaws was attributed to Qihoo 360, with the security firm tweeting last week as it reported the Firefox flaw that there was also an IE version.<\/p>\n<p>Microsoft said it was aware of &#8220;limited targeted attacks&#8221; using the vulnerability. Microsoft said it was working on a fix, and suggested it would come with the next Patch Tuesday, which is due out on 11 February.<\/p>\n<p>While users will have to wait for a patch, Microsoft noted that anyone running IE on various versions of Windows Server may be protected by default settings called Enhanced Security Configuration. <a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/ADV200001\">Microsoft also suggested<\/a> a workaround for other users, which involves restricting access to JScript.dll, though that will have to be undone when the update is issued.<\/p>\n<p>&#8220;Blocking access to this library can prevent exploitation of this and similar vulnerabilities that may be present in this old technology,&#8221; notes guidance by the <a href=\"https:\/\/kb.cert.org\/vuls\/id\/338824\/\">CERT<\/a> coordination centre at Carnegie Mellon. &#8220;When Internet Explorer is used to browse the modern web, jscript9.dll is used by default.&#8221;<\/p>\n<p>The best mitigation is to <a href=\"https:\/\/www.itpro.co.uk\/web-browsers\/25809\/almost-two-thirds-of-businesses-still-using-ie-8-9-and-10\">switch to a modern browser<\/a>, with <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/windows-it-pro-blog\/the-perils-of-using-internet-explorer-as-your-default-browser\/ba-p\/331732\">Microsoft referring to IE<\/a> as a &#8220;compatibility solution&#8221; for older apps rather than a browser to push out widely to staff. However, according to <a href=\"https:\/\/netmarketshare.com\/browser-market-share.aspx?options=%7B%22filter%22%3A%7B%22%24and%22%3A%5B%7B%22deviceType%22%3A%7B%22%24in%22%3A%5B%22Desktop%2Flaptop%22%5D%7D%7D%5D%7D%2C%22dateLabel%22%3A%22Trend%22%2C%22attributes%22%3A%22share%22%2C%22group%22%3A%22browser%22%2C%22sort%22%3A%7B%22share%22%3A-1%7D%2C%22id%22%3A%22browsersDesktop%22%2C%22dateInterval%22%3A%22Monthly%22%2C%22dateStart%22%3A%222019-01%22%2C%22dateEnd%22%3A%222019-12%22%2C%22segments%22%3A%22-1000%22%7D\">Net Applications&#8217; Market Share figures<\/a>, 7.4% of web users are still on IE \u2014 two percentage points more than <a href=\"https:\/\/www.itpro.co.uk\/web-browsers\/24526\/what-is-microsoft-edge\">Microsoft&#8217;s\u00a0Edge<\/a>, which was first released in 2015. <\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>      Nicole Kobie<\/p>\n<p>        20 Jan, 2020    <\/p>\n<p>      \u200bMicrosoft has warned that millions of people still using\u00a0the Internet Explorer\u00a0browser could be at risk from a zero-day flaw that is actively being exploited by hackers.<br \/>\nThe flaw, which is in a&#8230;<\/p>\n","protected":false},"author":414,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-40241","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/40241","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/users\/414"}],"replies":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/comments?post=40241"}],"version-history":[{"count":2,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/40241\/revisions"}],"predecessor-version":[{"id":40252,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/40241\/revisions\/40252"}],"wp:attachment":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/media?parent=40241"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/categories?post=40241"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/tags?post=40241"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}