Tech giant Microsoft has recently dispatched a fix for a crucial bug in the code of its browser Internet Explorer. The problematic code enabled hackers to remotely control an affected system, says Infosecurity. The issue was present in the versions 9 to 11 of Internet Explorer.
The bug, CVE-2019-1367, reportedly gave attackers access to infected devices by corrupting memory. According to Microsoft, this provided malicious parties to gain obtain the same authority to access as the original user. For example, hackers who effectively exploits the security issue gains full rights if the current account is an administrative user.
Microsoft also said that a large-scale attack would have been possible through the internet. According to Microsoft’s Exploitability Assessment, the issue has not been publicly disclosed. It was exploited by cybercriminals and the company has also not identified any mitigating factors or workarounds.
With the release of the patch, the vulnerability made changes to the way “the scripting engine handles objects in memory.”
While the issue has been addressed, Infosecurity noted that it “represents another good reason why IE users should migrate to a modern browser.” Those within the Microsoft ecosystem are given the chance to use the company’s browser Edge. However, despite efforts to encourage users to switch to Edge, numbers show that the platform’s usage remains lower than IE’s.
Ed Williams, the director of SpiderLabs, remarked that need for an emergency fix emphasizes the need for effective patch management. Moreover, this teaches a lesson about regular vulnerability detection and asset identification. This way, companies will know which products have security issues and where to fix them.
Williams reminded developers that “attackers are flexible and dynamic.” These individuals also look for aspects to exploit in order to make money or to cater to their agendas. This is why it is important to take measures to prevent or quickly address vulnerabilities.
Meanwhile, Computer World noted that the security updates rolled out within an “optional non-security” and “monthly roll-up preview” patches. This means that users will not be able to implement the upgrades without particularly seeking them out. Users can do this by manually selecting “Check for updates.”
Consistent with Infosecurity’s advice, Woody Leonhard from Computer World said that the best thing to do is to “stop using Internet Explorer.”
Competitors of Microsoft’s browsers include Google Chrome, Chromium, Mozilla Firefox, Opera, Apple Safari, Rambox, and Iron.