Urgent out-of-band patch released for Internet Explorer

By

Drive-by attacks possible with critical vulnerability.

Microsoft has issued an emergency update for its Internet Explorer web browser to patch a vulnerability that can be exploited simply by users visiting malicious websites.

Urgent out-of-band patch released for Internet Explorer

The company issued the MS15-093 security bulletin, marked as critical, warning that all current versions of Internet Explorer are affected by the flaw, which could allow remote code execution by attackers.

This includes Internet Explorer 7 to 11, runnning on Windows Vista and newer supported versions of the desktop operating system, and also Windows Server 2008 onwards.

However, the risk of compromise in Server 2008 is only moderate thanks to Enhanced Security Configuration (ECS) restricted mode, Microsoft said.

A specially crafted website could trigger memory corruption in user systems through Internet Explorer if attackers can lure people to visit the malicious site.

This is due to the browser accessing objects in memory improperly, something attackers can abuse to run arbitrary code with the rights of the user, Microsoft said.

The vulnerability is serious enough to allow attackers full control of victims' systems if they are logged on with administrative rights.

Microsoft is sending out the patch to users through Windows Update.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?