Page Loader
Home / News / Technology News / Internet Explorer (if you haven't abandoned it) is not safe
Internet Explorer (if you haven't abandoned it) is not safe

Internet Explorer (if you haven't abandoned it) is not safe

By Shubham Sharma
Feb 12, 2020
07:03 pm
What's the story

Even though Internet Explorer is a thing of the past, Microsoft is requesting Windows users to install a major update associated with it. Why? Because the browser carries a critical security flaw, which can be used by hackers to take control of your PC. Plus, it is already being exploited in the wild. Here are all the details.

Bug

Remote code execution bug affecting various versions of IE

The flaw in question - CVE-2020-0674 - is a zero-day bug that exists in multiple versions of Internet Explorer and allows remote code execution. It was flagged by Clément Lecigne of Google's Threat Analysis Group and Ella Yu from Qihoo 360 and is capable of corrupting memory in such a way that a hacker could easily execute malicious code on the target's system.

Exploit

Then, they could take control of the PC

Once the vulnerability is exploited - using a specially crafted website/application - and the malicious code is executed, the hacker can gain the same user rights as those held by the owner of the targeted PC. From there, the threat actor can take control of the system by installing malicious programs, viewing/changing/deleting personal data, or creating a new user account with complete admin privileges.

Warning

Microsoft warned about active exploit of the flaw

Back in January, Microsoft had issued an advisory warning about the RCE vulnerability and noted that the flaw was actively being exploited by hackers in 'limited targeted attacks'. However, at the time, the Redmond giant had no fix for the flaw; it only provided a workaround to alter permissions for jscript.dll file and prevent the vulnerable systems from being targeted.

Fix

Official fix is now available for download

That said, the official security fix for the vulnerability is now available for download. It has been released as part of Microsoft's February Patch Tuesday updates and can be installed by manually checking for updates. To fix the issue, head over to Windows settings > Updates & Security > Windows Update and click on 'Check for updates.'