cageymaru
Fully [H]
- Joined
- Apr 10, 2003
- Messages
- 21,971
Microsoft has released an emergency security update to patch an actively exploited vulnerability in Internet Explorer. CVE-2018-8653 addresses a remote code execution vulnerability caused by the way the scripting engine handles objects in Internet Explorer. The exploit corrupts memory in such as way that an attacker can execute arbitrary code in the context of the current user. The attacker will have the same rights as the current user. If the user is logged in as an administrative rights user then the attacker can change, delete, install, create new accounts or view any data that they wish. Web-based attackers can create a website designed to trigger the exploit. I ran Windows Update and it installed the update in a few seconds.
The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.