12 Feb 2020
Internet Explorer (if you haven't abandoned it) is not safe
Why? Because the browser carries a critical security flaw, which can be used by hackers to take control of your PC.
Plus, it is already being exploited in the wild.
Here are all the details.
Remote code execution bug affecting various versions of IE
The flaw in question - CVE-2020-0674 - is a zero-day bug that exists in multiple versions of Internet Explorer and allows remote code execution.
It was flagged by Clément Lecigne of Google's Threat Analysis Group and Ella Yu from Qihoo 360 and is capable of corrupting memory in such a way that a hacker could easily execute malicious code on the target's system.
Then, they could take control of the PC
Once the vulnerability is exploited - using a specially crafted website/application - and the malicious code is executed, the hacker can gain the same user rights as those held by the owner of the targeted PC.
From there, the threat actor can take control of the system by installing malicious programs, viewing/changing/deleting personal data, or creating a new user account with complete admin privileges.
Microsoft warned about active exploitation of the flaw
Back in January, Microsoft issued an advisory warning about the RCE vulnerability and noted that the flaw was being actively exploited by hackers in 'limited targeted attacks'.
However, at the time, the Redmond giant had no fix for the flaw; it only provided a workaround that altered the permissions on the jscript.dll file to prevent vulnerable systems from being targeted.
Official fix is now available for download
That said, the official security fix for the vulnerability is now available for download.
It has been released as part of Microsoft's February Patch Tuesday updates and can be installed by manually checking for updates.
To fix the issue, head over to Windows Settings > Update & Security > Windows Update and click on 'Check for updates.'
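For machines where the jscript.dll permission workaround mentioned above was applied, the following added example (not from the article or from Microsoft) reports whether that temporary restriction is still in place, so it can be reviewed now that the official fix is available. It assumes the workaround took the form of a Deny entry for Everyone on the standard System32 and SysWOW64 copies of the file; the function name and state labels are hypothetical.

```powershell
# Added example, not from the article. Assumes the workaround was applied as a
# Deny entry for Everyone (well-known SID S-1-1-0) on the standard DLL paths.
$EveryoneSid = 'S-1-1-0'
$Paths = @(
    (Join-Path $env:windir 'System32\jscript.dll'),
    (Join-Path $env:windir 'SysWOW64\jscript.dll')   # 32-bit copy on 64-bit Windows
)

function Get-JscriptWorkaroundState {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) { return 'NotPresent' }
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        # Reading the ACL failed; a deny-all entry can cause this for non-owners.
        return 'AclUnreadable'
    }
    # Resolve identities to SIDs so the check does not depend on the OS language.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -eq 'Deny' -and $rule.IdentityReference.Value -eq $EveryoneSid) {
            return 'Restricted'
        }
    }
    return 'Default'
}

# One row per copy of the DLL: Restricted, Default, AclUnreadable or NotPresent.
foreach ($p in $Paths) {
    [pscustomobject]@{ Path = $p; State = Get-JscriptWorkaroundState -Path $p }
}
```

Run it from an elevated PowerShell prompt; a state of 'Restricted' or 'AclUnreadable' means the file's permissions differ from the default and should be reviewed.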