Skip to main content

Microsoft Released Security Updates for Internet Explorer zero-day



Microsoft released security updates for remote code exection vulnerability that exists with Internet explorer, which allows an attacker to execute an arbitary code in the context of the current user.
The vulnerability is tracked as CVE-2018-8653. It was identified by Google’s Threat Analysis Group and the vulnerability is currently being exploited in wild.
Microsoft  recently released Security Updates & Fixed 39 Vulnerabilities Including Active Zero-day
The bug can be exploited if the user visited a specially crafted webpage that was designed to exploit the vulnerability through Internet Explorer browser.
An attacker who has successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged in with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
If the attacker takes control over the system, they can utilize it to download additional malware and execute the malware with user access.
The vulnerability could corrupt the memory, which allows an attacker to run the an arbitary code remotely. Now Microsoft fixed the Zero-day by modifying the script engine that handles the object.
To fix the vulnerability, Microsoft released a Cumulative security update for Internet Explorer KB4470199 allowing the users to confirm the update by verifying the version of jscript.dll is 5.8.9600.19230.
This update is applicable to Internet Explorer 11 on Windows 10, Internet Explorer 11 on Windows 8.1 Update, Internet Explorer 11 on Windows 7 SP1, Internet Explorer 10 on Windows Server 2012, Internet Explorer 9 – Windows Embedded Standard 2009 & Windows Embedded POSReady 2009..

Comments

Post a Comment

Popular posts from this blog

Information Security Analyst Interview Questions

Top 12 Information Security Analyst Interview Questions & Answers 1) Explain what is the role of information security analyst? From small to large companies role of information security analyst includes Implementing security measures to protect computer systems, data and networks Keep himself up-to-date with on the latest intelligence which includes hackers techniques as well Preventing data loss and service interruptions Testing of data processing system and performing risk assessments Installing various security software like firewalls, data encryption and other security measures Recommending security enhancements and purchases Planning, testing and implementing network disaster plans Staff training on information and network security procedures 2) Mention what is data leakage? What are the factors that can cause data leakage? The separation or departing of IP from its intended place of storage is known as data leakage.  The factors that are respons...
Post a Comment
Read more

EaseUS Data Recovery Wizard Review

Take a look at a modern, digital camera today, and you’ll probably find it uses an SD card in order to save information. These small, convenient little disks can carry a lot of information on them, and can easily transfer your information from camera to computer.   Unfortunately, SD cards also come with a drawback. They are small, fragile, and easily damaged. Forget the SD card in your pocket until you discover it in the washer, or scratch it up taking it in and out of the camera, and you may end up being unable to access your data. Sometimes this is not a big deal, and you simply go and get another SD card. At other times, the loss of the priceless pictures or other information on that card is enough to leave you scrambling to look up SD card recovery on Google. If you looked, you might have a bit of sticker shock. SD card recovery can cost as much as $3,000 to get your lost data back, depending on how many GB of data were stored. Even cheap options can run you $400, f...
Post a Comment
Read more

Tr0ll 1.0 – Vulnhub CTF Challenge Walkthrough

  Tr0ll 1.0 is an intentionally vulnerable machine, which is more of a   CTF  like type than real world scenario. Nevertheless, this machine has its own difficulties and you can learn some new stuff from it. So, let’s start. Enumeration Phase Let’s first run  netdiscover  to find the IP of our machine. netdiscover -r 192.168.1.1/24 After that, we run our typical  nmap  scan to see the open ports in the machine. nmap -A -sS -Pn -vv [target] Great we see many interesting stuff here. First of all, there is an open  FTP  port and we can connect to it with  anonymous access .  Also there is an open  http  port, we will run a nikto scan for it. The  ssh  port will be valuable later. From the nikto scan we got an interesting  /secret/  folder. When we get inside, we can understand why the machine got this name. Nothing interesting here, as you can see. we got trolled Let’s connect ...
Post a Comment
Read more