You may want to implement a workaround or stop using the browser altogether, at least until Microsoft issues a a fix
Microsoft has released a security advisory alerting users to an as-yet unpatched vulnerability in its Internet Explorer (IE) web browser that is being exploited in limited targeted attacks.
The zero-day, which is tracked as CVE-2020-0674, is a memory corruption issue in the browser’s scripting engine. Its exploitation could enable remote attackers to run code of their choice on the compromised system.
The remote-code execution (RCE) security hole affects IE versions 9, 10 and 11 running on all supported Windows desktop and server versions, as well as the no-longer-supported Windows 7. The vulnerability can be exploited by attackers who lure you to visit a malicious website via the browser, typically by sending an email. It could ultimately enable crooks to install programs, tamper with data or set up new accounts with full user rights on the affected system.
Déjà vu with a twist
If most of this sounds familiar, it is for good reason. As recently as September and November 2019, respectively, the company disclosed two other zero-days in the browser.
There is an important difference, though. This time no patch is available – for the time being, anyway. Instead, it appears that the fix will not be rolled out until the next Patch Tuesda ..
Support the originator by clicking the read the rest link below.
