This alert is originally published and can be viewed at www.cisecurity.org
OVERVIEW:
A vulnerability has been discovered in Microsoft Internet Explorer, which could allow for arbitrary code execution. Microsoft Internet Explorer is a web browser available for Microsoft Windows. Successful exploitation of this vulnerability could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
THREAT INTELLIGENCE:
There are reports of this vulnerability being exploited in the wild.
SYSTEMS AFFECTED:
RISK:
Government:
Businesses:
Home Users:
LOW
TECHNICAL SUMMARY:
A vulnerability has been discovered in Microsoft Internet Explorer, which could allow for arbitrary code execution. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
Successful exploitation of this vulnerability could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
RECOMENDATIONS:
We recommend the following actions be taken:
REFERENCES:
Microsoft:
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8653https://blogs.technet.microsoft.com/msrc/2018/12/19/december-2018-security-update-release-2/
0 Comment Log in or register to post comments