BBB: How to avoid 'Expiring License' scam for Microsoft users

Joyce Solomon

"Microsoft has released a security advisory to address a critical vulnerability in Internet Explorer".

The tech giant assigned the bug with a common vulnerability identifier, CVE-2020-0674, but specific details of the bug have yet to be released. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. This could also be carried by tricking a user into viewing a specially crafted email attachment, PDF file, Office document, or any other file supporting embedded IE scripting engine content.

"Microsoft is aware of this vulnerability and working on a fix".

The memory handling bug can be exploited by an attacker to run malicious code on a target computer, but despite its severity, Microsoft is unlikely to release the fix before next month's Patch Tuesday. Hence Feb. 11 seems a likely date for a security update to appear.

A scam is making the rounds that's tied to the recent end of technical support for Microsoft's Windows 7 computer operating system.

Clément Lecigne of Google's Threat Analysis Group and Ella Yu from Qihoo 360 are jointly credited with uncovering the vulnerability.


In an alert, the U.S. government's Cybersecurity and Infrastructure Security Agency (CISA) advised system administrators to consider using Microsoft Edge or alternative browsers pending the availability of patches from Microsoft.

"Consider using Microsoft Edge or an alternate browser until patches are made available".

"CISA encourages users and administrators to review Microsoft's Advisory ADV20001 and CERT/CC's Vulnerability Note VU#338824 for more information, implement workarounds, and apply updates when available", it said. "By default, IE11, IE10, and IE9 uses Jscript9.dll which is not impacted by this vulnerability", Microsoft says.

The National Security Agency alerted Microsoft to a major flaw in its Windows operating system that could let hackers pose as legitimate software companies. Any application that supports embedding Internet Explorer or its scripting engine component may be used as an attack vector for this vulnerability.

Recently, a serious security bug was reported in the Mozilla Firefox browser.

Related:

Comments

Latest news

IPhone SE 2 launch allegedly cancelled amidst Coronavirus outbreak
BGR reported that according to FrontPage Tech's Jon Prosser , "Apple's March event is officially cancelled/not happening". Apple has changed its stance on the matter because of the coronavirus outbreak, according to a message on its website .

COVID-19 pandemic: What to do with pets during self-isolation
If you see any changes in the health condition of your pets, advice from a veterinarian should be sought as soon as possible. There are several reports that have been released by World Health Organization regarding the safety of pets.

Steam breaks another record with 20 million concurrent users online today
Rainbow Six Siege also broke its concurrent player count today, posting a total of 196,352 players earlier this morning. As observed at the time of the tweet, of those 20 million, 6.2 million were actually playing a game.

Saturday's update from province on COVID-19 pandemic
Calgary expects to have 3,500 city employees working from home by Monday, with the number growing throughout the week. As for licensed child care, out-of-school care programs and preschool programs, they will all be closed immediately.

WhatsApp working on new self-destructing text messages feature
In the second half of past year , WhatsApp started to experiment with a new feature - self-destructing messages . Make sure to tap Delete messages and choose how long new messages will last before they are deleted.

Other news