Saturday, April 17, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

Microsoft Issues Emergency Patch For Under-Attack IE Zero Day

January 11, 2019
in Internet Privacy
Microsoft Issues Emergency Patch For Under-Attack IE Zero Day
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Microsoft today issued an out-of-band security update to patch a critical zero-day vulnerability in Internet Explorer (IE) Web browser that attackers are already exploiting in the wild to hack into Windows computers.

Discovered by security researcher Clement Lecigne of Google’s Threat Analysis Group, the vulnerability, tracked as CVE-2018-8653, is a remote code execution (RCE) flaw in the IE browser’s scripting engine.

You might also like

Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems

YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs

US Sanctions Russia and Expels 10 Diplomats Over SolarWinds Cyberattack

According to the advisory, an unspecified memory corruption vulnerability resides in the scripting engine JScript component of Microsoft Internet Explorer that handles execution of scripting languages.

If exploited successfully, the vulnerability could allow attackers to execute arbitrary code in the context of the current user.

“If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” the advisory reads.

Besides this, a remote attacker can also target victims by convincing them into viewing a specially crafted HTML document (e.g., a web page or an email attachment), MS Office document, PDF file or any other document that supports embedded IE scripting engine content.

The IE zero-day vulnerability impacts IE 9 on Windows Server 2008, IE 10 on Windows Server 2012, IE 11 from Windows 7 to Windows 10, and IE 11 on Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows Server 2012 R2.

Neither Google nor Microsoft has yet publicly disclosed any technical details about the IE zero-day vulnerability, proof-of-concept exploit code, or details about the ongoing cyber attack campaign utilizing this RCE bug.

Since the vulnerability is actively being exploited in the wild which makes it a critical zero-day flaw, users are strongly recommended to install the latest updates provided by Microsoft as soon as possible.

Though it is not recommended, users who cannot immediately deploy patches can mitigate the threat by restricting access to jscript.dll file by running following command in the command prompt using admin privileges.

For 32-bit System — cacls %windir%system32jscript.dll /E /P everyone:N

For 64-bit System — cacls %windir%syswow64jscript.dll /E /P everyone:N

It should be noted that the above command will force the web browser to use Jscript9.dll, but any website that relies on Jscript.dll will fail to render.


Credit: Source link

Previous Post

The Ultimate R Cheat Sheet - Major Upgrade

Next Post

T-Mobile launches caller verification to protect customers from scams

Related Posts

22-Year-Old Charged With Hacking Water System and Endangering Lives
Internet Privacy

Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems

April 16, 2021
YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs
Internet Privacy

YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs

April 16, 2021
US Sanctions Russia and Expels 10 Diplomats Over SolarWinds Cyberattack
Internet Privacy

US Sanctions Russia and Expels 10 Diplomats Over SolarWinds Cyberattack

April 16, 2021
More Sophisticated, Prevalent and Evolving in 2021
Internet Privacy

More Sophisticated, Prevalent and Evolving in 2021

April 16, 2021
1-Click Hack Found in Popular Desktop Apps — Check If You’re Using Them
Internet Privacy

1-Click Hack Found in Popular Desktop Apps — Check If You’re Using Them

April 15, 2021
Next Post
T-Mobile launches caller verification to protect customers from scams

T-Mobile launches caller verification to protect customers from scams

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Google releases Chrome 90 with HTTPS by default and security fixes
Internet Security

Google releases Chrome 90 with HTTPS by default and security fixes

April 17, 2021
ML Scaling Requires Upgraded Data Management Plan
Machine Learning

ML Scaling Requires Upgraded Data Management Plan

April 17, 2021
SolarWinds cybersecurity spending tops $3 million in Q4, sees $20 million to $25 million in 2021
Internet Security

SolarWinds: US and UK blame Russian intelligence service hackers for major cyberattack

April 17, 2021
Machine learning can be your best bet to transform your career
Machine Learning

Machine learning can be your best bet to transform your career

April 17, 2021
AI and Human Rights, A Story About Equality | by bundleIQ | Mar, 2021
Neural Networks

AI and Human Rights, A Story About Equality | by bundleIQ | Mar, 2021

April 17, 2021
Monitor Your SEO Placement with SEObase
Learn to Code

Monitor Your SEO Placement with SEObase

April 17, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Google releases Chrome 90 with HTTPS by default and security fixes April 17, 2021
  • ML Scaling Requires Upgraded Data Management Plan April 17, 2021
  • SolarWinds: US and UK blame Russian intelligence service hackers for major cyberattack April 17, 2021
  • Machine learning can be your best bet to transform your career April 17, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates