The Hacker News Logo
Subscribe to Newsletter

Microsoft pushes Emergency Patch for Zero-Day Internet Explorer Flaw

Microsoft pushes Emergency Patch for Zero-Day Internet Explorer Flaw
It's time to immediately patch your Internet Explorer – Once again!

Microsoft has issued an emergency out-of-band patch for all supported versions of Internet Explorer browser, to fix a critical security flaw that hackers are actively exploiting to hijack control of targeted computers.

The Zero-Day flaw (assigned CVE-2015-2502) is a Remote Code Execution vulnerability that could be exploited when a user visits a booby-trapped website or open a malicious email on an affected machine.

The security bug actually resides in the way Internet Explorer handles objects in memory. If successfully exploited, a hacker could gain the same user privileges as the current user.

Therefore, users running administrator accounts on their machines as well as systems where IE is frequently used, like workstations or terminal servers, are particularly at the most risk from this vulnerability.

Critical Zero-Day Vulnerability


"An attacker who successfully exploited this vulnerability could take complete control of an affected system," Microsoft officials wrote in an advisory posted Tuesday. An attacker could then:

  • Install malicious programs
  • View, Change, or Delete data
  • Create new accounts with full user rights
  • Many more... 

In simple words, this zero-day vulnerability could allow an attacker to take over the affected Windows machine. According to the company, the flaw has been publicly exploited.

Affected Software


The zero-day flaw affects all supported versions of Microsoft's Internet Explorer, from IE7 to IE 11 which runs on the recently released Windows 10. However, Microsoft's new Edge browser is not affected.

The vulnerability gains Microsoft's top severity of 'Critical' for all desktop versions of Windows. The company credited its security engineer Clement Lecigne to report the bug.

Users and administrators are advised to install the update as soon as possible. Windows users may also find some protection mechanism using the Enhanced Mitigation Experience Toolkit (EMET) that helps prevent vulnerabilities in software from being successfully exploited.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.