Microsoft has issued a warning that a severe remote code execution vulnerability (CVE-2019-1367) exists in its oldest browser, Internet Explorer. Taking its severity seriously, the company has even pushed an out-of-band emergency patch.
According to the advisory, the RCE vulnerability exists in the way Internet Explorer's scripting engine handles memory. It could lead to memory corruption, allowing an attacker to run malicious code.
By exploiting the vulnerability, an attacker can gain the same system privileges as the current user. This means that if the user has admin rights, the attacker will get them as well, and will be able to do things like install or uninstall apps and even create new users with admin-level rights.
Microsoft also said that the vulnerability can be exploited over the internet by tricking a user into visiting a specially-crafted malicious website.
So, if you are still using Internet Explorer for some reason, then you should install the security patch right away via Windows Update. You can also install the security patch manually using this link. The affected Windows versions include Windows 7, Windows 8.1, and also Windows 10.
Not only Microsoft but also US Homeland Security has advised users to install security patches as soon as possible.
It's surprising to see that more than 8% of users are still glued to Internet Explorer. In fact, IE's market share surpasses that of Apple Safari and MS Edge.
Anyway, this gives us one more reason to stop using Internet Explorer and remove it right away. Earlier, a bizarre IE bug came to light that allowed attackers to steal files even from users who were not using the browser.