Internet Explorer security flaw in the Wild

Within this few days, people have aware of the Internet Explorer(IE) been reported a serious flaw been found and Microsoft has confirmed the flaw. IE is not the only browser that been having a flaw found where a few weeks ago, Firefox Browser is also having the same issues.

Microsoft is right now working on fixing the issues and we can be expected it to be released within this short period of time.

For this latest vulnerabilities/bug that been raised by Google’s Threat Analysis Group, ClĂ©ment Lecigne and Qihoo 360, Ella Yu. The Vulnerability works by allowing the attackers remotely run any malicious on the effected machine that using IE browser.

IE Vulnerability have been labelled as CVE-2020-0674 which Tenable have mentioned that it’s an Remote Execution Vulnerability which it have exists in the way of the engine handles objects that been resides within the memory in IE.

An example of the attack that can be used by the attacker would be phishing method where it will ask the victims to open the malicious link that will take advantages of the IE vulnerabilities.

The affected IE browser version as listed as below:

  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11

For the Proof of Concept(POC), there is none available in the wild for any reference. Despite the vulnerabilities have been limited targeted attacks and POC is not available, Microsoft has not yet to release any security patch on it and the user is been advised to implement temporary recommendation.

The user will need to restrict any access to any programming such as Javascript component files (JScript.dll) and also been advised to avoid using any IE Browser at the moment until the security patch has been released.

Reference: CVE-2020-0674: Internet Explorer Remote Code Execution Vulnerability Exploited in the Wild

Author: Wan Ariff

He brings with him working experience in Information Security filed which specializing in Penetration Testing and Digital Forensic. His passion is more to IT Security

Leave a Reply

Your email address will not be published. Required fields are marked *