[ad_1]
Microsoft has confirmed a new and serious flaw in its Internet Explorer program, one of the most popular Internet browsers currently, explaining that this vulnerability allows attackers and hackers to attack users via malware and malware. to infect them with malicious programs. On their computers and their sensitive data for the purpose of theft of money and data leakage.
Microsoft announced it has proposed a temporary solution to address this loophole until the arrival of the integrated and complete security update in January.
The flaw was discovered by an engineer from Google's attack analysis group, Clement Leesgen, a few days before it was officially recognized as "2018 8653", while Microsoft ranked it as a "zero day" vulnerability.
Remote help
According to Microsoft, the gap is between Internet Explorer 11 and 19, which still benefit from technical support and improvements from Microsoft.
Microsoft has shown that attackers are actually using this vulnerability to launch "zero-day" attacks because this vulnerability allowed them to run remote code that affected a portion of the browser called "script engine containing items in program memory." ". This part is constantly executed during the use of the program. Access to these remote instructions therefore allows the attacker to damage the program's memory. This one can immediately execute the code that he wishes as part of the normal operations of the program, which hides it and arrives. To what he sees is the user and his device through this loophole.
The company said it currently did not have a complete solution to address this loophole, but that it would develop security updates to fix it, as this would take time, and might not be able to put the final solution out of the way in January. However, Microsoft has promptly released a temporary security update that is compatible with the versions of Internet Explorer that come with Windows 7, Windows 8.1, Windows 10, Windows Server 2008, and Windows Server 2012. 2016 and 2019.
Improved dissipation
A report released by Computerworld said that Microsoft 's temporary emergency update included the reduction of Internet Explorer features to 2016, with the goal of eliminating the new loophole that appears to be in place. be accompanied by program updates after So
Computerworld said that the announcement of the attack had destroyed the slight improvement in the conditions of "Internet Explorer" last November compared to its main competitors, since it had managed to retain its market share in November 2018 without losing more, as it did in previous months and years. .
The performance of Internet Explorer rose 10 points to 12.9% in November, after falling to 9.6% in previous months. This slight improvement is ironic, since Microsoft has recently reduced the size of the browser and is weighing heavily on its new browser called Edge, which is related to Windows 10, and hinted that Internet Explorer will be retiring soon and has stopped. 39, make improvements, and only support security. The last slight improvement in November has led to the resumption of Internet Explorer in the browser market, but we expect the new serious flaw and implications that Microsoft has recognized to be corrected again in order to dispel the improvements made.
The zero gap today
The "zero day" gap is identical to the discovery by the doctors of an incurable virus because no one knew that it existed. So it's completely new and its time is starting to develop an anti-virus before it spreads and causes serious damage, The new security discovered for the first time because during the review period and Developing solutions to eliminate them can be easily exploited by any hacker or attacker is able to detect and gain access before the company or the competent authority repairs it. The period between discovery of the gap and the moment when the solution is called "today zero" is called, and all attacks during this period are called "zero-day" attacks.
When the company responsible for the system that detects loopholes is issued to correct these loopholes, these loopholes and attacks are not part of the "zero day" loopholes and attacks because solutions have been found to correct them.
[ad_2]
Source link
