Microsoft have warned their users of an urgent security issue that they are experiencing with Internet Explorer. They have advised users to patch their browsers immediately after finding that hackers are exploiting a flaw with the search engine.
The severity of this issue is shown by how they have released these patches out of sync with their normal patch schedule. They normally release them on the 2nd Tuesday of every month, however, in this case, they felt they had to act sooner. The flaw affects versions 9, 10 and 11 of Internet Explorer and involves a remote code execution vulnerability which allows hackers to access the search engines memory and through this, get the same user rights as the user targeted.
A quote from Microsoft’s Security Research Centre said, “An attacker could then install programs; view, change, or delete data; or create new accounts will full user rights”. After hearing this you can see why they released a patch earlier than scheduled. “In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.”
Hopefully by the time that you are reading this, the automatic Windows update will have been released through the Microsoft Malware Protection Engine. The Internet Explorer Vulnerability must be applied manually by the user, however.
Even huge companies such as Microsoft can experience security issues. If you have any queries about you or your company’s security, we here at 121 IT are here to help.