GajShield Security Alert – Internet Explorer Scripting Engine Memory Corruption Vulnerability
Internet Explorer in various Microsoft Windows Operating System allows remote code execution due to how the scripting engine handles objects in memory. Using this vulnerability, attackers can execute arbitary code in the context of the current user. If the user happens to be an Administrator, an attacker can take control of the system, delete data, install programs leading to compromising data security of an organisation
To exploit this vulnerability an attacker could craft a specially designed website and convince the user to view it. Attackers could also use compromised sites or sites which allow any users to provide content to it. Exploits could also be embedded in Microsoft Office documents that hosts the IE rendering engine. It is advised that users do not click on any link that appears suspicious.
The following Internet Explorer versions are affected. Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016. A complete list is available at https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0866#ID0EGB
Microsoft has provided security updates which addresses the above issue. It is advise to update your software on priority. For updates, visit https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0866