Microsoft has released the update for the zero-day vulnerability of Internet Explorer that hackers already use for targeted attacks. The tech giant did not announce the details of the scope of these attacks, but explained how criminals can exploit this defect (designated as CVE-2018-8653).
Apparently, attackers simply have to force users to visit websites designed specifically to exploit – by sending links via email, for example – in order to retrieve their computers. When attackers take control of the system, they can install programs, view or even change data, and create new accounts with full user rights.
Microsoft said in a security update report that Google had detected and warned of an error. According to Satnam Narang from Tenable, the error affects IE11 from Windows 7 to Windows 10, as well as IE9 and IE10 on certain versions of Windows Server. Narang invites users to "update their systems as soon as possible to reduce the risk of damage", as "the error is actively exploited".
Microsoft says the fix resolves the problem by "modifying the way the engine scripts process objects in memory." Those who installed the latest security protocol for Windows are already protected, and Microsoft encourages everyone else to do the same, either manually from this address, or via the automatic Windows Update system. The recommendation applies to those who have Window installed and do not use Internet Explorer in everyday activities.