Jump to content
Corrine

Microsoft Security Advisory for Remote Code Execution Vulnerability in IE

Recommended Posts

Corrine

Microsoft released Security Advisory ADV200001 for a remote code execution vulnerability with limited active attacks in Internet Explorer.  The issue is described as the way that the scripting engine handles objects in memory in Internet Explorer. As described in the advisory:

 

The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

 

In the event you use Internet Explorer, it is strongly advised that you follow the instructions at the bottom of the Advisory to restrict access to JScript.dll as a workaround.

 

Security Advisory ADV200001

 

  • Like 1
  • Thanks 1

Share this post


Link to post
Share on other sites
securitybreach

Why is IE still around anyway?

Share this post


Link to post
Share on other sites
zlim

Because 27% of the world is still on Windows 7 and that browser is included with Windows 7. Eventually MS is coming up with Edge for Win 7. Too bad they didn't do this while Win 7 was still being patched.

Companies can pay for Win 7 patches for up to 3 more years.

Share this post


Link to post
Share on other sites
securitybreach

Yeah but why is it still included in Windows 10?

Share this post


Link to post
Share on other sites
goretsky

Hello,

Access to legacy line of business apps by corporate customers which they cannot replace due to budgetary reasons (no longer have source code or people who understand it and would have to rebuild from scratch, etc.).  When in discussions by Microsoft, they explains, "Well, if IE is deprecated, we will continue using the last version of Windows that supports it."  While that would not be a huge cut into enterprise software licensing revenues, it would be a noticeable and measurable one.  That, in conjunction with having dela with reports of loss of or a stall in Windows 10's marketshare, would affect the company's stock price

 

So, that's why IE is still present in Windows.

 

Regards,

 

Aryeh Goretsky

 

  • Like 2

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...