Users can grab the patch via Windows Update or obtain the standalone fix via the Microsoft Download Center. Getting users to a compromised or crafted page is actually easier than it sounds as a phishing attempt via e-mail would certainly do the trick.Īgain, Microsoft notes that the vulnerability is being actively exploited although it didn’t provide any further details on the matter. What’s more, attackers don’t need their own site as the bug can be exploited over ad networks used on legitimate sites.
Microsoft says an Internet Explorer user visiting a specially crafted website designed to exploit the flaw could become victimized. As such, those with full admin rights are at a greater risk than users with restricted access. Said hacker could also gain the same user rights as the current user. Specifically, the vulnerability deals with improperly accessing objects in memory which could subsequently corrupt memory in a manner that allows an attacker to run code remotely. Security bulletin MS15-093 pertains to a remote code execution flaw found in found in all supported versions of Internet Explorer (IE7 and newer Microsoft’s Edge browser for Windows 10 isn’t at risk) including 32- and 64-bit variants. If you haven’t already installed the fix, it’s recommended that you do so ASAP as hackers are said to be actively exploiting it. Microsoft has issued an emergency update to patch a critical vulnerability that affects all supported versions of Internet Explorer.
0 kommentar(er)
