A significant security flaw in Internet Explorer − remember it? − is currently being exploited by hackers, but Microsoft is dragging its feet to fix it.
The issue was reported by US-CERT on Saturday morning, and the vulnerability seems to be related to an issue with the memory in the browser’s scripting engine.
Hackers can reportedly take advantage of the issue to trick Internet Explorer users into opening HTML-formatted web pages and email attachments, PDF files and Microsoft Office documents hiding malicious code.
VU#338824: Microsoft Internet Explorer Scripting Engine memory corruption vulnerability https://t.co/VAnKfBDdLU
— US-CERT (@USCERT_gov) January 18, 2020
Related: Best antivirus
“Microsoft Internet Explorer contains a scripting engine, which handles execution of scripting languages such as VBScript and JScript”, the report explains.
“The scripting engine JScript component contains an unspecified memory corruption vulnerability. Any application that supports embedding Internet Explorer or its scripting engine component may be used as an attack vector for this vulnerability.”
The organisation also revealed that the vulnerability has been “detected in exploits in the wild” − which means hackers are already taking advantage of the bug.
According to TechCrunch, Microsoft is aware of targeted attacks and is working on releasing a fix. Unfortunately, the patch likely won’t arrive until the browser’s next round of monthly security fixes due − that’s February 11.
2020 has already been a rough year for Microsoft’s security department.
First, Microsoft ended support for Windows 7, which wouldn’t be an issue here if this new security flaw didn’t affect PCs running Windows 7 (it does). Any users still putting off upgrading to Windows 10 might want to make the jump now if they want to get their hands on the February patch.
Related: Best VPNs for security and privacy
Then, just hours after Microsoft cut support for Windows 7, a major Windows 10 vulnerability raised its head. This one so serious, that the NSA got involved.
While the latter issue has since been patched, it nevertheless marked a rocky start to the year for Microsoft and loyal Windows users alike.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.