Microsoft has issued an urgent patch for Internet Explorer after being tipped off by a Google security researcher about a zero-day vulnerability that was present in Internet Explorer 9, 10 and 11, on Windows 7, 8.1 and 10.
The company rushed to issue a patch because, apparently, the vulnerability is being exploited. The regular security update is still on schedule for Jan 8. Microsoft has released the update for Windows 10, version 1607 and later, as well as Windows Server 2008, 2012, 2016 and 2019.
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer," Microsoft said in the CVE-2018-8653 support document. "The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user."
The exploit was simple – all hackers needed to do was lure the unsuspecting victim to a malicious website. Most of these attempts go through phishing emails.
Internet Explorer has been considered a legacy program since 2016. Microsoft has stopped upgrading it, although it still issues security patches from time to time. There are still some companies out there that run intranet sites and custom web apps on IE.
For Microsoft, the future is in Edge, which will, soon enough, be replaced with a Chromium-running browser.