The tech giant assigned the bug a common vulnerability identifier, CVE-2020-0674, but specific details of the bug have yet to be released. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. This could also be carried out by tricking a user into viewing a specially crafted email attachment, PDF file, Office document, or any other file supporting embedded IE scripting engine content.
"Microsoft is aware of this vulnerability and working on a fix".
The memory handling bug can be exploited by an attacker to run malicious code on a target computer, but despite its severity, Microsoft is unlikely to release the fix before next month's Patch Tuesday. Hence Feb. 11 seems a likely date for a security update to appear.
A scam is making the rounds that's tied to the recent end of technical support for Microsoft's Windows 7 computer operating system.
Clément Lecigne of Google's Threat Analysis Group and Ella Yu from Qihoo 360 are jointly credited with uncovering the vulnerability.
In an alert, the U.S. government's Cybersecurity and Infrastructure Security Agency (CISA) advised system administrators to consider using Microsoft Edge or alternative browsers pending the availability of patches from Microsoft.
"Consider using Microsoft Edge or an alternate browser until patches are made available".
"CISA encourages users and administrators to review Microsoft's Advisory ADV20001 and CERT/CC's Vulnerability Note VU#338824 for more information, implement workarounds, and apply updates when available", it said. "By default, IE11, IE10, and IE9 uses Jscript9.dll which is not impacted by this vulnerability", Microsoft says.
The National Security Agency alerted Microsoft to a major flaw in its Windows operating system that could let hackers pose as legitimate software companies. Any application that supports embedding Internet Explorer or its scripting engine component may be used as an attack vector for this vulnerability.
Recently, a serious security bug was reported in the Mozilla Firefox browser.