Mozilla worked more effectively.
VU # 338824: Microsoft Internet Explorer Scripting Engine memory corruption vulnerability https://t.co/VAnKfBDdLU
– US-CERT (@USCERT_gov) January 18, 2020
Vulnerability with ID CVE-2020-0674 found in the way Internet Explorer manages memory. Cyber criminals can use the vulnerability to launch malicious code on the victim's computer – all it takes is the user who is the target to open the malicious website from a link sent via email or appearing in an internet search engine.
"The vulnerability that could allow remote code execution is that the script engine handles objects in memory in Internet Explorer. This vulnerability could damage memory in such a way that an attacker could execute arbitrary code against the current user. A cyber criminal who succeeds exploit this vulnerability, it may gain the same user rights as the current user. If a user is logged on with administrator privileges, an attacker who successfully exploited the vulnerability could take control of the affected system.The attacker could then install the programs; view, change or delete data, and even create new accounts with full user rights ", says Microsoft.
In response to a question from Techcrunch, Microsoft has announced that it is aware of occurrence "a limited number of successful attacks that exploit the vulnerability" and "is already working on an appropriate amendment". However, there are many indications that the patch will not be available until February 11, on the occasion of providing customary cumulative security patches on the second Tuesday of the month. It is not known if Internet Explorer for Windows 7 will be patched. If you use this system and Internet Explorer, it is better to install a new one as soon as possible Microsoft Edge.
Everything seems to indicate that this is the same gap as the one it is Mozilla already patched up in the middle of last week in a web browser Firefox. As many as 9% of Internet users currently use the Mozilla browser, while less than 1% of Internet Explorer. This does not mean, however, that Microsoft should not be much more efficient in these matters.
Source: US-CERT, CVE