Corrine Posted January 17, 2020 Posted January 17, 2020 Microsoft released Security Advisory ADV200001 for a remote code execution vulnerability with limited active attacks in Internet Explorer. The issue is described as the way that the scripting engine handles objects in memory in Internet Explorer. As described in the advisory: The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In the event you use Internet Explorer, it is strongly advised that you follow the instructions at the bottom of the Advisory to restrict access to JScript.dll as a workaround. Security Advisory ADV200001 1 1 Quote
zlim Posted January 18, 2020 Posted January 18, 2020 Because 27% of the world is still on Windows 7 and that browser is included with Windows 7. Eventually MS is coming up with Edge for Win 7. Too bad they didn't do this while Win 7 was still being patched. Companies can pay for Win 7 patches for up to 3 more years. Quote
securitybreach Posted January 18, 2020 Posted January 18, 2020 Yeah but why is it still included in Windows 10? Quote
goretsky Posted January 19, 2020 Posted January 19, 2020 Hello, Access to legacy line of business apps by corporate customers which they cannot replace due to budgetary reasons (no longer have source code or people who understand it and would have to rebuild from scratch, etc.). When in discussions by Microsoft, they explains, "Well, if IE is deprecated, we will continue using the last version of Windows that supports it." While that would not be a huge cut into enterprise software licensing revenues, it would be a noticeable and measurable one. That, in conjunction with having dela with reports of loss of or a stall in Windows 10's marketshare, would affect the company's stock price So, that's why IE is still present in Windows. Regards, Aryeh Goretsky 2 Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.