Quote:Microsoft has confirmed that a zero-day flaw in Internet Explorer is being exploited by malicious actors.
 
The vulnerability, impacts all Windows 10 versions, Windows 8.1, and the recently-discontinued Windows 7. Microsoft rated it as “moderate” on Windows Server devices and “critical” on client versions of Windows. Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 are all affected.
 
The remote code execution could allow cybercriminals to obtain the same rights as the logged-in user, which in the case of an administrator account means they could get full control of the compromised device.
An attacker can be carried out through a crafted website, Microsoft explains.
 
“A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user,” Microsoft says in an advisory.

Quote:Microsoft has published a security advisory today about an Internet Explorer (IE) vulnerability that is currently being exploited in the wild -- a so-called zero-day.

The company's security advisory (ADV200001) currently only includes workarounds and mitigations that can be applied in order to safeguard vulnerable systems from attacks.
 

CONNECTED TO LAST WEEK'S FIREFOX ZERO-DAY

Last week, Mozilla patched a similar zero-day that was being exploited to attack Firefox users. Mozilla credited Qihoo 360 for discovering and reporting the Firefox zero-day.