Microsoft Troubles Continue; Zero-Day Vulnerability Places Windows Users at Risk
Reported by Microsoft on January 17, the company admitted to another vulnerability in the older versions of its Windows products. A vulnerability in the remote code execution (RCE) was found in the scripting engine of Internet Explorer (IE). The vulnerability applies to all versions of IE on Windows, which can corrupt memory so that attackers can execute arbitrary code. Programs include Internet Explorer and Windows Server 2008 through to Windows 2018.
Source: Microsoft Windows 7 Download at Microsoft, updated January 2020
The vulnerability works so that an attacker could execute code in the context of the current user – meaning that a hacker could gain the same user rights as the current user on the system. “If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system.” This would allow them to then install malicious programs, delete data, or create new accounts remotely. Microsoft further explained the attack method would most likely be “a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.”
Our Take
Microsoft is aware of limited targeted attacks that have already taken advantage of this vulnerability. However, a patch won’t be released until next month’s Patch Tuesday. Internet Explorer and older versions of Windows still have a high user rate among businesses. Windows 7 has the second largest market share of all desktop operating systems at 32.74%. This user rate is only beaten by its successor, Windows 10 at 47.65%. This means devices are using unsupported Windows 7 today. These devices are currently an extreme security risk.
One solution is to simply use another browser. For businesses that are unable to move away from the old Internet Explorer and Servers for operational reasons, there are some additional mitigation factors they could consider. Running the programs in a restricted mode will reduce the chance of malicious content from being able to make changes on the devices. ØPatch has created a temporary micro patch to address the problem to use as a stopgap until Patch Tuesday. Users of Windows 7 and older Windows products should be vigilant against any unsolicited emails that may be attempting to direct you to a malicious site.
Want to Know More?
Develop and Implement a Security Incident Management Program