Wednesday, August 19, 2015

MSFT Security Flaw

   
It's all Internet Explorer's fault -- again.
   
Microsoft has released an emergency out-of-band patch for a "critical"-rated security vulnerability, affecting all supported versions of Windows.

The software giant said in an advisory Tuesday that users visiting a specially-crafted website can lead to remote code execution on an affected machine.

The zero-day flaw (classified as CVE-2015-2502) works by exploiting a flaw in how Internet Explorer handles objects in memory. If successfully exploited, an attacker could "gain the same user rights as the current user," the advisory said. Those running administrator accounts are particularly at risk, it said.

Simply put: this flaw could allow an affected Windows machine to be taken over by an attacker.

It does not appear that the vulnerability is currently being exploited by hackers.

No comments:

Post a Comment