{"id":14126,"date":"2018-12-20T15:30:41","date_gmt":"2018-12-20T23:30:41","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/12\/20\/news-7893\/"},"modified":"2018-12-20T15:30:41","modified_gmt":"2018-12-20T23:30:41","slug":"news-7893","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/12\/20\/news-7893\/","title":{"rendered":"Microsoft Issues Emergency Fix for IE Zero Day"},"content":{"rendered":"<p><strong>Credit to Author: BrianKrebs| Date: Wed, 19 Dec 2018 21:01:27 +0000<\/strong><\/p>\n<p><strong>Microsoft<\/strong> today released an emergency software patch to plug a critical security hole in its <strong>Internet Explorer<\/strong>\u00a0(IE) Web browser that attackers are already using to break into <strong>Windows<\/strong> computers.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignright size-full wp-image-46089\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2018\/12\/iexploder.jpg\" alt=\"\" width=\"170\" height=\"150\" \/> The software giant <a href=\"https:\/\/blogs.technet.microsoft.com\/msrc\/2018\/12\/19\/december-2018-security-update-release-2\/\" target=\"_blank\" rel=\"noopener\">said<\/a> it learned about the weakness (<strong>CVE-2018-8653<\/strong>) after receiving a report from <strong>Google<\/strong> about a new vulnerability being used in targeted attacks.<\/p>\n<p><strong>Satnam Narang<\/strong>, senior research engineer at <strong>Tenable<\/strong>, said the vulnerability affects the following installations of IE: Internet Explorer 11 from Windows 7 to Windows 10 as well as Windows Server 2012, 2016 and 2019; IE 9 on Windows Server 2008; and IE 10 on Windows Server 2012.<\/p>\n<p>&#8220;As the flaw is being actively exploited in the wild, users are urged to update their systems as soon as possible to reduce the risk of compromise,\u201d Narang said.<span id=\"more-46087\"><\/span><\/p>\n<p>According to a somewhat <a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/CVE-2018-8653#ID0EN\" target=\"_blank\" rel=\"noopener\">sparse advisory<\/a> about the patch, malware or attackers could use the flaw to break into Windows computers simply by getting a user to visit a hacked or booby-trapped Web site.\u00a0An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.<\/p>\n<p>Microsoft says\u00a0users who have\u00a0Windows Update enabled and have applied the latest security updates are protected automatically. Windows 10 users can manually check for updates <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4027667\/windows-10-update\" target=\"_blank\" rel=\"noopener\">this way<\/a>; instructions on how to do this for earlier versions of Windows are <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/3067639\/how-to-get-an-update-through-windows-update\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/p>\n<p><a href=\"https:\/\/krebsonsecurity.com\/2018\/12\/microsoft-issues-emergency-fix-for-ie-zero-day\/\" target=\"bwo\" >https:\/\/krebsonsecurity.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2018\/12\/iexploder.jpg\"\/><\/p>\n<p><strong>Credit to Author: BrianKrebs| Date: Wed, 19 Dec 2018 21:01:27 +0000<\/strong><\/p>\n<p>Microsoft today released an emergency software patch to plug a critical security hole in its Internet Explorer\u00a0(IE) Web browser that attackers are already using to break into Windows computers.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10642],"tags":[20499,1670,20500,20501,20502,16936],"class_list":["post-14126","post","type-post","status-publish","format-standard","hentry","category-independent","category-krebs","tag-cve-2018-8653","tag-google","tag-microsoft-ie-zero-day","tag-satnam-narang","tag-tenable","tag-time-to-patch"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14126","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=14126"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14126\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=14126"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=14126"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=14126"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}