According to reports, North Korea is currently exploiting a vulnerability in Internet Explorer. Microsoft has come out to advise internet explorer users to stop using the open-source browser until the flaw has been patched. It instead asked users to download the new edge browser . Microsoft gave reasons why the best option for internet explorer users is to download the edge browser.
According to the company, Edge does not only offer security from the flaws internet explorer is suffering, but it also offers an improved browsing experience. However, Firefox and Chrome are other options as well, because they are safe to use now compared to internet explorer.
The next security patch from Microsoft would take place on February 11, which is a few weeks far off. It means Microsoft cannot do anything about the vulnerability until the day it’s carrying out updates on explorer.
Microsoft made the vulnerability open to the public on
January 17, when it posted an advisory . The advisory described the
vulnerability as one that is capable of corrupting memory which allows hackers
to execute arbitrary code. When the attacker exploits this weakness, they would
have the same level of access to the system just like the real user.
The advisory stated the scenario that could play out when
the attacker wants to infiltrate the vulnerable internet explorer. It stated
that the attacker could design a special website with the main objective of
exploiting the vulnerability of Internet Explorer.
It could send an mail and convince the user to log onto the website and view it. If the attacker succeeds in getting information about the admin user accounts, they could take charge of the system and install their own programs, create new accounts, or delete the user data.
One reason why people are worried about the flaw is the
fact the attack could have connections from South Korea. Tom’s Guide revealed
that the flaw has close resemblance with a similar one that went for Mozilla
Firefox. However, the security team saw it on time and patched it completely.
Qihoo
360
has accused the North Korean government of the attack on IE. It specifically
mentioned the DarkHotel hacking, which tracks movements of first-class business
travelers. However, it’s still unclear whether the zero-day can be tied to the
North Korean hackers. But the firm has already pointed out that the flaw is
critical.
Microsoft wasn’t the first to discover the vulnerability.
CERT/CC, a division of Homeland Security, first discovered the flaw and
notified Microsoft. The security unit stated
that
the Jscript component in Internet Explorer has unknown memory corruption
vulnerability. It further mentioned that all apps that support the component
can be utilized to launch attacks.
Although Microsoft has not provided a patch for the update,
the company has posted some tips that can help to
reduce the risk. However, it warned that users should only follow this
route if they believe they are high-risk vulnerability targets. The company
warned that using this method may reduce the overall performance of the
features that depend on Jscript dill.
In December last year, Microsoft sued a mysterious hacking
group from North Korea for stealing very critical information from computers in
the U.S.
As at then, the report revealed that the hacking group,
Thallium, targeted members of groups, university staff, as well as think tanks
in the society.
The more worrying thing is the fact that the outmoded link known as jScript.dll will be needed before exploiting the internet explorer.
In the previous patch made, the older DLL known as jscript9
replaced has been replaced by the older DLL. But it’s possible for newer
browsers to load jscript.dll when the website needs it. However, the older DLL
is still in use by default in earlier Windows 7 versions as well as in Internet
Explorer 9.
sellcvvfreshcom cardsdumpscom
Categories