A Microsoft advisory disclosed the remote code execution (RCE) vulnerability, which leverages the way IE's scripting engine stores data and could result in memory corruption, allowing attackers to run arbitrary code.
The attackers would also gain the same system privileges as the current user. If the user has admin rights, the attacker gets all of those rights too, and can create new users with admin-level rights or install and uninstall system applications.
Microsoft issued a warning about the severe remotely exploitable vulnerability (CVE-2019-1367) in its oldest browser, Internet Explorer (IE), and subsequently pushed out an out-of-band emergency patch to fix the flaw.
The company also stated that the vulnerability is exploitable over the Internet if a user is tricked into visiting a specially crafted malicious site.
Surprisingly, over 8% of Internet users are still stuck on the old browser, IE, a market share that surpasses that of Apple Safari and of the newest browser, Edge. To make sure this set of users is protected, the company had to issue the emergency patch, and it advised users to install the security patches as soon as possible.
This latest bug comes on the heels of an earlier bizarre IE bug that allowed an attacker to steal files on a user's system even when the user was not actually using the browser.
Perhaps the ultimate solution is to ditch the older browser entirely and move to the latest browser, Edge, which guarantees the best protections for now.